PatchSiren

CVE-2026-40723 Bricks CVE debrief

A medium-severity vulnerability was found in Bricks Builder, a popular WordPress theme, affecting versions up to 2.1.4. The flaw is a Broken Access Control issue that lets subscribers bypass access controls, potentially leading to unauthorized actions on the website. It was publicly disclosed on June 17, 2026, and carries a CVSS score of 4.3, which places it in the medium-risk range. Users of Bricks Builder should update to a patched version to mitigate this risk. The vulnerability was reported by Patchstack and is tracked under CVE-2026-40723. No known ransomware campaigns have been associated with this vulnerability.

Vendor: Bricks
Product: Bricks Builder
CVSS: MEDIUM 4.3
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-06-17
Original CVE updated: 2026-06-17
Advisory published: 2026-06-17
Advisory updated: 2026-06-17

Who should care

WordPress administrators running the Bricks Builder theme should be aware of this vulnerability, particularly on sites that have subscriber-level accounts, since the flaw is reachable from that role. Updating to a patched version of Bricks Builder is recommended to prevent potential unauthorized access and actions on the website.

Technical summary

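The vulnerability, identified as CVE-2026-40723, is a Broken Access Control issue in Bricks Builder versions up to 2.1.4. Because access controls are inadequate, subscribers can perform actions they are not authorized for. The CVSS vector is CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N: the flaw is reachable over the network with low attack complexity, requires a low-privileged account and no user interaction, and has a low integrity impact with no confidentiality or availability impact, which yields a medium severity level. The weakness is classified under CWE-862 (Missing Authorization).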

Defensive priority

Medium

Recommended defensive actions

  • Update Bricks Builder to a version beyond 2.1.4
  • Review and restrict subscriber-level access and permissions
  • Monitor website activity for unauthorized actions
  • Implement additional security measures, such as two-factor authentication
  • Regularly update and patch WordPress themes and plugins
  • Consider using a Web Application Firewall (WAF) to detect and prevent attacks
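To support the first action across many sites, the following added example (not code from PatchSiren, Patchstack or Bricks) walks a hosting tree, reads each theme's style.css header and flags Bricks installs at or below 2.1.4. It assumes the standard wp-content/themes layout and that the theme's "Theme Name" header reads "Bricks"; the function names and the sample tree are constructed for illustration.

```python
import re, tempfile
from pathlib import Path

LAST_AFFECTED = (2, 1, 4)   # advisory: Bricks Builder "versions up to 2.1.4"
THEME_NAME = "bricks"       # assumption: value of the theme's "Theme Name" header

HEADER_RE = re.compile(r"^[ \t/*#@]*(Theme Name|Version):[ \t]*(.*?)[ \t\r]*$", re.I | re.M)

def parse_header(css_text):
    """Return the header fields found in the first 8 KB of a theme's style.css."""
    fields = {}
    for key, value in HEADER_RE.findall(css_text[:8192]):
        fields.setdefault(key.lower(), value)
    return fields

def classify(version):
    """'affected' if version <= 2.1.4, 'newer' if above it, 'unknown' if unparseable.
    Suffixes such as '-rc1' are ignored, so 2.1.4-rc1 is conservatively 'affected'."""
    m = re.match(r"\d+(?:\.\d+)*", version.strip())
    if not m:
        return "unknown"              # no numeric version: needs manual review
    parts = [int(p) for p in m.group().split(".")]
    parts += [0] * (3 - len(parts))   # "2.1" compares as 2.1.0
    return "affected" if tuple(parts) <= LAST_AFFECTED else "newer"

def audit(root):
    """Return (relative path, version, status) for each Bricks theme under root."""
    rows = []
    for css in sorted(Path(root).glob("**/wp-content/themes/*/style.css")):
        fields = parse_header(css.read_text(encoding="utf-8", errors="replace"))
        if fields.get("theme name", "").lower() == THEME_NAME:  # skips child themes
            version = fields.get("version", "")
            rows.append((css.relative_to(root).as_posix(), version, classify(version)))
    return rows

def build_fixture(root):  # constructed sample tree, not real site data
    samples = {
        "site-a/wp-content/themes/bricks": "/*\nTheme Name: Bricks\nVersion: 2.1.4\n*/",
        "site-b/wp-content/themes/bricks": "/*\n Theme Name: Bricks\n Version: 2.2\n*/",
        "site-b/wp-content/themes/bricks-child":
            "/*\nTheme Name: Bricks Child\nTemplate: bricks\nVersion: 1.0\n*/",
        "site-c/wp-content/themes/bricks": "/*\nTheme Name: Bricks\n*/",
    }
    for rel, css in samples.items():
        (Path(root) / rel).mkdir(parents=True)
        (Path(root) / rel / "style.css").write_text(css, encoding="utf-8")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_fixture(tmp)
        print(*audit(tmp), sep="\n")
```

Rows marked "unknown" have no parseable version header and should be checked by hand rather than assumed safe.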

Evidence notes

The vulnerability was reported by Patchstack and is tracked under CVE-2026-40723. The CVE record and NVD details are available for further information. The vulnerability's CVSS score and vector were provided by the NVD.

Official resources

Publicly disclosed on June 17, 2026.