WordPress Plugin Vulnerabilities

Bricksforge < 2.1.1 - Missing Authorization to Unauthenticated WordPress Settings Deletion

Description

The Bricksforge plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 2.0.17. This makes it possible for unauthenticated attackers to delete arbitrary WordPress settings.

Affects Plugins

Plugin icon
bricksforge
Fixed in 2.1.1

References

CVE
CVE-2024-31243
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/bc82745a-f1d3-48fc-ba7b-3ff726edae34

Classification

Type
NO AUTHORISATION
OWASP top 10
A5: Broken Access Control
CWE
CWE-862
CVSS
5.3 (medium)

Miscellaneous

Original Researcher
Dave Jong
Verified
No
WPVDB ID
cb81ca31-1a39-40aa-b6d9-6d336d672780

Timeline

Publicly Published
2024-04-05 (about 2 years ago)
Added
2024-04-11 (about 1 year ago)
Last Updated
2024-04-11 (about 1 year ago)

Other

Published
Title
Published
2025-01-16
Title
Realty Workstation <= 1.0.45 - Missing Authorization
Published
2025-10-09
Title
Media Library Assistant < 3.30 - Missing Authorization
Published
2024-01-04
Title
Cloudflare < 4.12.3 - Missing Authorization via initProxy
Published
2025-01-16
Title
WC Wallet <= 2.2.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Content Deletion
Published
2025-07-09
Title
Templazee <= 1.0.2 - Missing Authorization