Impact
A missing authorization check in the Bricks Builder WordPress theme allows a user with a Subscriber role to perform administrative actions normally reserved for higher‑privileged users. This flaw is listed as CWE‑862 and results in the ability to modify theme settings and potentially other site configuration elements that the subscriber normally could not access.
Affected Systems
WordPress sites that are using Bricks Builder theme version 2.1.4 or earlier are affected. The theme developer explicitly lists all releases up to 2.1.4 as impacted. No other WordPress themes or core components are impacted.
Risk and Exploitability
The CVSS score of 4.3 indicates moderate severity; EPSS data is not available and the vulnerability is not in CISA’s KEV catalog. An attacker must possess a Subscriber account or compromise one through social engineering to trigger the broken access controls. The impact remains confined to the theme’s administrative interface, so the elevated privileges are limited to theme configuration rather than full site control.
OpenCVE Enrichment