Description
Unauthenticated Sensitive Data Exposure in Bricksforge <= 3.1.8.4 versions.
Published: 2026-06-17
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

An unauthenticated attacker can read sensitive configuration or personal data from any WordPress site running the Bricksforge plugin up to and including version 3.1.8.4. The flaw directly violates confidentiality, allowing exposure of data that should be protected, and it is categorized as CWE‑201. Because the vulnerability can be triggered without authentication, any visitor to the site may exploit it.

Affected Systems

The vulnerability affects the Bricksforge WordPress plugin, version 3.1.8.4 and earlier. Users with older plugin versions installed on their WordPress installations are affected.

Risk and Exploitability

The CVSS score of 7.5 classifies this issue as high severity. EPSS data is not available, so the likelihood of widespread exploitation is unclear, and the vulnerability is not listed in the CISA KEV catalog. The likely attack vector is unauthenticated access via the plugin’s exposed endpoint, as no authentication is required to trigger the exposure.

Generated by OpenCVE AI on June 18, 2026 at 12:20 UTC.

Remediation

Vendor Solution

Update the WordPress Bricksforge Plugin to the latest available version (at least 3.1.8.5).


OpenCVE Recommended Actions

  • Update the WordPress Bricksforge plugin to version 3.1.8.5 or newer.
  • If the plugin is not required, uninstall or disable it from the WordPress installation.
  • Apply firewall or web server rules to block unauthenticated requests to the Bricksforge plugin endpoints until the update is applied.

Generated by OpenCVE AI on June 18, 2026 at 12:20 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 18 Jun 2026 04:45:00 +0000

Type Values Removed Values Added
First Time appeared Bricksforge
Bricksforge bricksforge
Wordpress
Wordpress wordpress
Vendors & Products Bricksforge
Bricksforge bricksforge
Wordpress
Wordpress wordpress
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 17 Jun 2026 11:15:00 +0000

Type Values Removed Values Added
Description Unauthenticated Sensitive Data Exposure in Bricksforge <= 3.1.8.4 versions.
Title WordPress Bricksforge plugin <= 3.1.8.4 - Sensitive Data Exposure vulnerability
Weaknesses CWE-201
References
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}


Subscriptions

Bricksforge Bricksforge
Wordpress Wordpress
cve-icon MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-06-17T15:33:58.646Z

Reserved: 2026-03-31T09:57:17.719Z

Link: CVE-2026-34888

cve-icon Vulnrichment

Updated: 2026-06-17T15:33:51.637Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-18T12:30:04Z

Weaknesses
  • CWE-201

    Insertion of Sensitive Information Into Sent Data