CVE-2024-2297

Severity: High
Published: 27 February 2025
Modified: 11 March 2025
KEV Added: not listed
Patch: Bricks 1.9.7
CVSS Score v3.1: 7.1 (CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H)
EPSS Score: 0.0022 (45.4th percentile)
Risk Priority: 14 (weighting: 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2024-2297 is a high-severity Improper Privilege Management (CWE-269) vulnerability in the Bricks theme for WordPress by Bricksbuilder. Its CVSS v3.1 base score is 7.1 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). EPSS ranks it at the 45.4th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and AC-6 (Least Privilege).

Deeper analysis

CVE-2024-2297 is a privilege escalation vulnerability affecting the Bricks theme for WordPress in all versions up to and including 1.9.6.1. The issue stems from insufficient validation checks in the create_autosave AJAX function, which allow authenticated attackers to bypass access controls. It has a CVSS v3.1 base score of 7.1 (AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H) and is associated with CWE-269 (Improper Privilege Management).

Attackers with contributor-level access or higher can exploit this vulnerability to execute arbitrary PHP code with administrator-level privileges. Successful exploitation requires three conditions to hold at once: the Bricks Builder must be enabled for posts, builder access must be enabled for contributor-level users, and "Code Execution" must be enabled for administrator-level users within the theme's settings. These preconditions are why the vector carries AC:H despite the attack being network-reachable (AV:N) from a low-privilege account (PR:L); the impact on confidentiality, integrity and availability is high because the outcome is PHP execution on the site.
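To make the bug class concrete, the following is an added illustration of a WordPress AJAX handler with the authorization gap described above, beside a hardened form. It is not Bricks' code: the handler name, AJAX action, element structure and capability names are hypothetical, and the page does not say which specific check Bricks' create_autosave lacked.

```php
<?php
/**
 * Added illustration of CWE-269 in a WordPress AJAX handler (not Bricks' code).
 * The action name, element structure ('name' / 'children') and the choice of
 * manage_options as the administrator-level gate are this example's assumptions.
 */

// Does the submitted builder content contain an element that executes PHP?
// Assumes elements are arrays with a 'name' key and optional nested 'children'.
function example_contains_code_element( array $elements ) {
    foreach ( $elements as $element ) {
        if ( isset( $element['name'] ) && 'code' === $element['name'] ) {
            return true;
        }
        if ( ! empty( $element['children'] )
             && example_contains_code_element( (array) $element['children'] ) ) {
            return true;
        }
    }
    return false;
}

// VULNERABLE pattern (shown for contrast; deliberately not registered):
// a valid nonce plus being logged in is treated as sufficient. A contributor who
// can open the builder gets their autosave stored, including "code" elements that
// the theme later executes as if an administrator had placed them.
function example_create_autosave_vulnerable() {
    check_ajax_referer( 'example-builder', 'nonce' );            // CSRF check only, not authorization
    $post_id = (int) ( $_POST['postId'] ?? 0 );
    $content = (array) ( $_POST['content'] ?? [] );
    update_post_meta( $post_id, '_example_autosave', $content ); // no edit_post / code-execution check
    wp_send_json_success();
}

// HARDENED pattern: nonce, object-level capability on the target post, and a
// separate administrator-level gate before executable content is accepted.
function example_create_autosave_hardened() {
    check_ajax_referer( 'example-builder', 'nonce' );
    $post_id = (int) ( $_POST['postId'] ?? 0 );
    if ( ! $post_id || ! current_user_can( 'edit_post', $post_id ) ) {
        wp_send_json_error( 'You may not edit this post.', 403 );
    }
    $content = (array) ( $_POST['content'] ?? [] );
    if ( example_contains_code_element( $content ) && ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'Code elements require administrator privileges.', 403 );
    }
    update_post_meta( $post_id, '_example_autosave', $content );
    wp_send_json_success( [ 'postId' => $post_id ] );
}
// Only the hardened handler is hooked. wp_ajax_ (without nopriv) already limits
// the endpoint to logged-in users, which matches the PR:L in the CVSS vector.
add_action( 'wp_ajax_example_create_autosave', 'example_create_autosave_hardened' );
```

The nonce check is the one most handlers already have and is the one that does not help here: a contributor holds a valid nonce for their own builder session. The two checks that matter are the object-level `edit_post` capability on the target post and a separate administrator-level gate for executable content; the page's third precondition ("Code Execution" enabled for administrators) is exactly what turns a missing gate of that kind into PHP execution.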

Advisories from Bricks and Wordfence recommend updating to Bricks version 1.9.7, which addresses the vulnerability. Until the update is applied, security practitioners should verify the theme settings so that the three preconditions above are not all met (in particular, builder access for contributor-level users and "Code Execution"), and should monitor for unauthorized administrator-level actions on affected sites. Full details are available at https://bricksbuilder.io/release/bricks-1-9-7/ and https://www.wordfence.com/threat-intel/vulnerabilities/id/cb075e85-75fc-4008-8270-4d1064ace29e?source=cve.
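The following is an added audit script for the remediation step above, not code from Bricks or Wordfence. Run with WP-CLI (`wp eval-file bricks-cve-2024-2297-audit.php`), it reports whether the active theme or its parent is Bricks below the fixed release and lists the accounts that satisfy the "contributor-level access or above" precondition. The page does not give the option names behind the Bricks builder-access and "Code Execution" settings, so those two preconditions are left to be confirmed in the theme's settings screen; the fixed-version string and the role logic are the example's own assumptions.

```php
<?php
/**
 * Added audit script (not from Bricks or Wordfence).
 * Usage: wp eval-file bricks-cve-2024-2297-audit.php
 * Exit status is non-zero when the installed Bricks version is below the fix,
 * so the script can be dropped into a fleet-wide check.
 */

function bricks_cve_2024_2297_audit() {
    $fixed_version = '1.9.7'; // first release the advisories name as fixed (assumed exact)

    // Bricks may be the active theme or the parent of an active child theme.
    $bricks = null;
    foreach ( array_filter( [ wp_get_theme(), wp_get_theme()->parent() ] ) as $candidate ) {
        if ( 'bricks' === strtolower( $candidate->get_stylesheet() ) ) {
            $bricks = $candidate;
        }
    }
    if ( ! $bricks ) {
        WP_CLI::success( 'Bricks is not active (nor a parent theme); CVE-2024-2297 does not apply.' );
        return 0;
    }

    $version    = $bricks->get( 'Version' );
    $vulnerable = version_compare( $version, $fixed_version, '<' );
    WP_CLI::log( sprintf( 'Bricks %s is active: %s', $version,
        $vulnerable ? "VULNERABLE, update to $fixed_version or later" : 'patched' ) );

    // Precondition (2) needs a user who can open the builder: any account with
    // edit_posts but without full administrator rights is a candidate attacker.
    $at_risk = [];
    foreach ( get_users( [ 'fields' => [ 'ID', 'user_login' ] ] ) as $user ) {
        if ( user_can( $user->ID, 'edit_posts' ) && ! user_can( $user->ID, 'manage_options' ) ) {
            $at_risk[] = $user->user_login;
        }
    }
    WP_CLI::log( sprintf( '%d non-administrator account(s) with edit_posts: %s',
        count( $at_risk ), $at_risk ? implode( ', ', $at_risk ) : 'none' ) );

    if ( $vulnerable ) {
        WP_CLI::warning( 'Until updated, confirm in Bricks settings that builder access for '
            . 'contributor-level users and "Code Execution" are disabled.' );
        return 1;
    }
    return 0;
}

WP_CLI::halt( bricks_cve_2024_2297_audit() );
```

The version comparison is the authoritative finding; the account listing is there because a site with no non-administrator users who can edit posts has no one positioned to trigger the bug, which is useful context when prioritising the update across many sites.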

Vulnerability details

The Bricks theme for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.9.6.1. This is due to insufficient validation checks placed on the create_autosave AJAX function. This makes it possible for authenticated attackers, with contributor-level access and above, to execute arbitrary PHP code with elevated (administrator-level) privileges. NOTE: Successful exploitation requires (1) the Bricks Builder to be enabled for posts (2) Builder access to be enabled for contributor-level users, and (3) "Code Execution" to be enabled for administrator-level users within the theme's settings.

CWE(s)

CWE-269 Improper Privilege Management

Related Threats

MITRE ATT&CK Enterprise Techniques

T1068 Exploitation for Privilege Escalation (tactic: Privilege Escalation)
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

Directly enables exploitation for privilege escalation from contributor-level to administrator-level access, with arbitrary PHP code execution as the outcome.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2024-13835 (shared CWE-269)
CVE-2024-44250 (shared CWE-269)
CVE-2024-53706 (shared CWE-269)
CVE-2025-66374 (shared CWE-269)
CVE-2026-28995 (shared CWE-269)
CVE-2025-43199 (shared CWE-269)
CVE-2025-36640 (shared CWE-269)
CVE-2025-8899 (shared CWE-269)
CVE-2024-47770 (shared CWE-269)
CVE-2025-24254 (shared CWE-269)

Affected Assets

bricksbuilder / bricks: all versions ≤ 1.9.6.1 (fixed in 1.9.7)

Mitigating Controls

Mitigating Controls (NIST 800-53 r5)

AC-6 Least Privilege (prevent)

Enforces least privilege so that contributor-level users cannot escalate to administrator-level PHP code execution via the vulnerable AJAX function.

AC-3 Access Enforcement (prevent)

Requires enforcement of access authorizations in the create_autosave AJAX function, addressing the insufficient validation checks that enable privilege escalation.

SI-10 Information Input Validation (prevent)

Mandates validation of inputs to the create_autosave AJAX function to block arbitrary PHP code execution by authenticated low-privilege attackers.
