CVE-2023-3409
Published 2024-08-17
Priority: P4 (16), medium. CVSS 3.1 base score: 4.3 (AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N). EPSS: 0.19% (8.5th percentile).
The Bricks theme for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.8.1. This is due to missing or incorrect nonce validation on the 'reset_settings' function. This makes it possible for unauthenticated attackers to reset the theme's settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Affected (2 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| bricks_builder | bricks | <= 1.8.1 | — |
| bricksbuilder | bricks | < 1.8.2 | 1.8.2 |
CVSS provenance
| Source | Score | Severity | Vector |
|---|---|---|---|
| NVD (v3.1) | 4.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N |
| GHSA | 5.5 | MEDIUM | — |
GHSA
Insecure Temporary File in RESTEasy
CVE-2023-0482 [MEDIUM] CWE-378 · ghsa · 2025-01-15 · CVSS 5.5
### Impact
In RESTEasy the insecure `File.createTempFile()` is used in the `DataSourceProvider`, `FileProvider` and `Mime4JWorkaround` classes, which creates temp files with insecure permissions that could be read by a local user.
### Patches
Fixed in the following pull requests:
* https://github.com/resteasy/resteasy/pull/3409 (7.0.0.Alpha1)
* https://github.com/resteasy/resteasy/pull/3423 (6.2.3.Final)
* https://github.com/resteasy/resteasy/pull/3412 (5.0.6.Final)
* https://github.com/resteasy/resteasy/pull/3413 (4.7.8.Final)
* https://github.com/resteasy/resteasy/pull/3410 (3.15.5.Final)
### Workarounds
There is no workaround for this issue.
### References
* https://nvd.nist.gov/vuln/detail/CVE-2023-0482
* https://bugzilla.redhat.com/show_bug.cgi?
GHSA
GHSA-9jvc-fg8h-cfgg (ghsa_unreviewed, 2024-08-17): CVE-2023-3409 [MEDIUM] CWE-352, Cross-Site Request Forgery in the Bricks theme for WordPress, versions up to and including 1.8.1 (description identical to the CVE text above).
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.