Browse all 3 CVE security advisories affecting Bricksforge. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Bricksforge is a WordPress plugin builder that enables developers to create custom page builders and extensions. Historically, the plugin has been associated with multiple critical vulnerabilities including remote code execution (RCE), cross-site scripting (XSS), and privilege escalation issues. These vulnerabilities often stem from insufficient input validation and improper access controls. With three CVEs currently on record, Bricksforge has demonstrated recurring security weaknesses in its architecture. The plugin's complex integration with WordPress core and third-party builders has created multiple attack vectors, particularly in its template and shortcode processing mechanisms. Security researchers have noted that while updates address reported issues, the underlying design continues to present potential risks for users.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2024-31244 | WordPress Bricksforge plugin <= 2.0.17 - Unauthenticated Arbitrary WordPress Settings Change vulnerability — Bricksforge, CWE-862 | 9.8 | Critical | 2024-06-09 |
| CVE-2024-31243 | WordPress Bricksforge plugin <= 2.0.17 - Unauthenticated Arbitrary WordPress Setting Deletion vulnerability — Bricksforge, CWE-862 | 7.5 | High | 2024-06-09 |
| CVE-2024-31242 | WordPress Bricksforge plugin <= 2.0.17 - Unauthenticated Arbitrary Email Sending vulnerability — Bricksforge, CWE-862 | 5.3 | Medium | 2024-04-10 |
