CVE Details
Basic Information
| Title | Bricks Builder <= 1.12.4 - Unauthenticated SQL Injection via `p` Parameter |
|---|---|
| Type | cve |
| Published | 2025-07-29T04:23:44.765Z |
| Modified | 2025-07-29T04:23:44.765Z |
Product Information
| Vendor | Bricks Builder |
|---|---|
| Product | Bricks |
| Version | * |
CVSS Information
| Base Score | 7.5 (HIGH) |
|---|---|
| Attack Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
AI Analysis
| AI Description | The Bricks WordPress theme is vulnerable to SQL Injection via the ‘p’ parameter, allowing unauthenticated attackers to extract sensitive data. This affects versions up to 1.12.4 due to insufficient input escaping and SQL query preparation. |
|---|---|
| AI Severity | High |
| AI Vendor | Bricks Builder |
| AI Product | Bricks |
| AI Version | 1.12.4 |
| AI Score | 7.5 |
Affected Products
- Bricks Builder Bricks *
Additional Information
| CWE List | CWE-89 |
|---|---|
| Source | Wordfence |
Description
The Bricks theme for WordPress is vulnerable to blind SQL Injection via the āpā parameter in all versions up to, and including, 1.12.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.