CVE-2024-2297 (GCVE-0-2024-2297)

Vulnerability from cvelistv5 – Published: 2025-02-27 05:23 – Updated: 2025-02-27 18:41
VLAI?
Title
Bricksbuilder <= 1.9.6.1 - Authenticated (Contributor+) Privilege Escalation via create_autosave
Summary
The Bricks theme for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.9.6.1. This is due to insufficient validation checks placed on the create_autosave AJAX function. This makes it possible for authenticated attackers, with contributor-level access and above, to execute arbitrary PHP code with elevated (administrator-level) privileges. NOTE: Successful exploitation requires (1) the Bricks Builder to be enabled for posts (2) Builder access to be enabled for contributor-level users, and (3) "Code Execution" to be enabled for administrator-level users within the theme's settings.
Severity ?
7.1 (High)
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
CWE
  • CWE-269 - Improper Privilege Management
Assigner
References
Impacted products
Vendor Product Version
Bricks Builder Bricks Affected: * , ≤ 1.9.6.1 (semver)
Create a notification for this product.
Credits
Emil Trägårdh
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-2297",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-27T18:41:06.434361Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-27T18:41:18.031Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Bricks",
          "vendor": "Bricks Builder",
          "versions": [
            {
              "lessThanOrEqual": "1.9.6.1",
              "status": "affected",
              "version": "*",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Emil Tr\u00e4g\u00e5rdh"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The Bricks theme for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.9.6.1. This is due to insufficient validation checks placed on the create_autosave AJAX function. This makes it possible for authenticated attackers, with contributor-level access and above, to execute arbitrary PHP code with elevated (administrator-level) privileges. NOTE: Successful exploitation requires (1) the Bricks Builder to be enabled for posts (2) Builder access to be enabled for contributor-level users, and (3) \"Code Execution\" to be enabled for administrator-level users within the theme\u0027s settings."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-269",
              "description": "CWE-269 Improper Privilege Management",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-02-27T05:23:05.572Z",
        "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "shortName": "Wordfence"
      },
      "references": [
        {
          "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/cb075e85-75fc-4008-8270-4d1064ace29e?source=cve"
        },
        {
          "url": "https://bricksbuilder.io/release/bricks-1-9-7/"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-02-26T00:00:00.000+00:00",
          "value": "Disclosed"
        }
      ],
      "title": "Bricksbuilder \u003c= 1.9.6.1 - Authenticated (Contributor+) Privilege Escalation via create_autosave"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
    "assignerShortName": "Wordfence",
    "cveId": "CVE-2024-2297",
    "datePublished": "2025-02-27T05:23:05.572Z",
    "dateReserved": "2024-03-07T18:05:08.201Z",
    "dateUpdated": "2025-02-27T18:41:18.031Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-2297\",\"sourceIdentifier\":\"security@wordfence.com\",\"published\":\"2025-02-27T06:15:21.477\",\"lastModified\":\"2025-03-11T19:39:40.640\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The Bricks theme for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.9.6.1. This is due to insufficient validation checks placed on the create_autosave AJAX function. This makes it possible for authenticated attackers, with contributor-level access and above, to execute arbitrary PHP code with elevated (administrator-level) privileges. NOTE: Successful exploitation requires (1) the Bricks Builder to be enabled for posts (2) Builder access to be enabled for contributor-level users, and (3) \\\"Code Execution\\\" to be enabled for administrator-level users within the theme\u0027s settings.\"},{\"lang\":\"es\",\"value\":\"El tema Bricks para WordPress es vulnerable a la escalada de privilegios en todas las versiones hasta la 1.9.6.1 incluida. Esto se debe a que no se han realizado suficientes comprobaciones de validaci\u00f3n en la funci\u00f3n AJAX create_autosave. Esto permite que atacantes autenticados, con acceso de nivel de colaborador o superior, ejecuten c\u00f3digo PHP arbitrario con privilegios elevados (de nivel de administrador). NOTA: Para que esta vulnerabilidad se aproveche con \u00e9xito, es necesario que (1) el constructor de Bricks est\u00e9 habilitado para las publicaciones, (2) que el acceso al constructor est\u00e9 habilitado para los usuarios de nivel de colaborador y (3) que la \\\"ejecuci\u00f3n de c\u00f3digo\\\" est\u00e9 habilitada para los usuarios de nivel de administrador en la configuraci\u00f3n del tema.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security@wordfence.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":7.1,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.2,\"impactScore\":5.9},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"security@wordfence.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-269\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:bricksbuilder:bricks:*:*:*:*:*:wordpress:*:*\",\"versionEndExcluding\":\"1.9.7\",\"matchCriteriaId\":\"92D42BD1-9F1B-43EE-B34D-0603B0A868F9\"}]}]}],\"references\":[{\"url\":\"https://bricksbuilder.io/release/bricks-1-9-7/\",\"source\":\"security@wordfence.com\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://www.wordfence.com/threat-intel/vulnerabilities/id/cb075e85-75fc-4008-8270-4d1064ace29e?source=cve\",\"source\":\"security@wordfence.com\",\"tags\":[\"Third Party Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"cna\": {\"providerMetadata\": {\"orgId\": \"b15e7b5b-3da4-40ae-a43c-f7aa60e62599\", \"shortName\": \"Wordfence\", \"dateUpdated\": \"2025-02-27T05:23:05.572Z\"}, \"affected\": [{\"vendor\": \"Bricks Builder\", \"product\": \"Bricks\", \"versions\": [{\"version\": \"*\", \"status\": \"affected\", \"lessThanOrEqual\": \"1.9.6.1\", \"versionType\": \"semver\"}], \"defaultStatus\": \"unaffected\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"The Bricks theme for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.9.6.1. This is due to insufficient validation checks placed on the create_autosave AJAX function. This makes it possible for authenticated attackers, with contributor-level access and above, to execute arbitrary PHP code with elevated (administrator-level) privileges. NOTE: Successful exploitation requires (1) the Bricks Builder to be enabled for posts (2) Builder access to be enabled for contributor-level users, and (3) \\\"Code Execution\\\" to be enabled for administrator-level users within the theme\u0027s settings.\"}], \"title\": \"Bricksbuilder \u003c= 1.9.6.1 - Authenticated (Contributor+) Privilege Escalation via create_autosave\", \"references\": [{\"url\": \"https://www.wordfence.com/threat-intel/vulnerabilities/id/cb075e85-75fc-4008-8270-4d1064ace29e?source=cve\"}, {\"url\": \"https://bricksbuilder.io/release/bricks-1-9-7/\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"description\": \"CWE-269 Improper Privilege Management\", \"cweId\": \"CWE-269\", \"type\": \"CWE\"}]}], \"metrics\": [{\"cvssV3_1\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H\", \"baseScore\": 7.1, \"baseSeverity\": \"HIGH\"}}], \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"Emil Tr\\u00e4g\\u00e5rdh\"}], \"timeline\": [{\"time\": \"2025-02-26T00:00:00.000+00:00\", \"lang\": \"en\", \"value\": \"Disclosed\"}]}, \"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-2297\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-02-27T18:41:06.434361Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-02-27T18:41:13.946Z\"}}]}",
      "cveMetadata": "{\"cveId\": \"CVE-2024-2297\", \"assignerOrgId\": \"b15e7b5b-3da4-40ae-a43c-f7aa60e62599\", \"state\": \"PUBLISHED\", \"assignerShortName\": \"Wordfence\", \"dateReserved\": \"2024-03-07T18:05:08.201Z\", \"datePublished\": \"2025-02-27T05:23:05.572Z\", \"dateUpdated\": \"2025-02-27T18:41:18.031Z\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.