Impact
An unauthenticated attacker can read sensitive configuration or personal data from any WordPress site running the Bricksforge plugin up to and including version 3.1.8.4. The flaw directly violates confidentiality, allowing exposure of data that should be protected, and it is categorized as CWE‑201. Because the vulnerability can be triggered without authentication, any visitor to the site may exploit it.
Affected Systems
The vulnerability affects the Bricksforge WordPress plugin, version 3.1.8.4 and earlier. Users with older plugin versions installed on their WordPress installations are affected.
Risk and Exploitability
The CVSS score of 7.5 classifies this issue as high severity. EPSS data is not available, so the likelihood of widespread exploitation is unclear, and the vulnerability is not listed in the CISA KEV catalog. The likely attack vector is unauthenticated access via the plugin’s exposed endpoint, as no authentication is required to trigger the exposure.
OpenCVE Enrichment