CVE-2024-4874 – The Bricks Builder plugin for WordPress is vulnerable to Insecure Direct Object Reference …

Vuln ID: CVE-2024-4874

Published: 2024-06-22 05:15:11.837

Description: The Bricks Builder plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.9.8 via the postId parameter due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Contributor-level access and above, to modify posts and pages created by other users including admins. As a requirement for this, an admin would have to enable access to the editor specifically for such a user or enable it for all users with a certain user account type.

Base Score: 4.3 – MEDIUM

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Source: NVD.NIST.GOV

Date:

22 June 2024

Categorie(s):

NVD

Tag(s):

NVD

Donut Holes, clickfix, rapperbots, bad devs, war, Doug Rants about Backups, and More. – SWN #48720 June 2025
Jira tickets become attack vectors in PoC ‘living off AI’ attack20 June 2025
Anubis Ransomware Lists Disneyland Paris as New Victim20 June 2025
Hackers Target 700+ ComfyUI AI Image Generation Servers to Spread Malware20 June 2025
Netflix, Apple, BofA websites hijacked with fake help-desk numbers20 June 2025