CVE-2024-2297: Bricksbuilder <= 1.9.6.1 - Authenticated (Contributor+) Privilege Escalation via create_autosave
Description
The Bricks theme for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.9.6.1. This is due to insufficient validation checks placed on the create_autosave AJAX function. This makes it possible for authenticated attackers, with contributor-level access and above, to execute arbitrary PHP code with elevated (administrator-level) privileges. NOTE: Successful exploitation requires (1) the Bricks Builder to be enabled for posts (2) Builder access to be enabled for contributor-level users, and (3) "Code Execution" to be enabled for administrator-level users within the theme's settings.
Classification
CVE ID: CVE-2024-2297
CVSS Base Severity: HIGH
CVSS Base Score: 7.1
CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
Problem Types
CWE-269 Improper Privilege ManagementAffected Products
Vendor: Bricks Builder
Product: Bricks
Exploit Prediction Scoring System (EPSS)
EPSS Score: 0.04% (probability of being exploited)
EPSS Percentile: 8.24% (scored less or equal to compared to others)
EPSS Date: 2025-03-28 (when was this score calculated)
References
https://nvd.nist.gov/vuln/detail/CVE-2024-2297https://www.wordfence.com/threat-intel/vulnerabilities/id/cb075e85-75fc-4008-8270-4d1064ace29e?source=cve
https://bricksbuilder.io/release/bricks-1-9-7/