Critical RCE Flaw in WordPress Bricks Theme Exposes 25,000+ Sites

A critical Remote Code Execution (RCE) vulnerability in the Bricks Builder theme for WordPress has put over 25,000 websites at risk, prompting an urgent security update.

The flaw, identified as CVE-2024-25600, was discovered by a security researcher known as ‘snicco’ and reported to the Patchstack bug bounty program.

WordPress Bricks Theme RCE Flaw

The vulnerability affects all versions of the Bricks Builder theme up to 1.9.6 and allows unauthenticated attackers to execute arbitrary PHP code on the server. 

A hacker could take over an entire site without user credentials. The severity of this RCE flaw has been rated 9.8 out of 10 on the Common Vulnerability Scoring System (CVSS), indicating a critical level of risk.

Live Account Takeover Attack Simulation

How do Hackers Bypass 2FA?

Live attack simulation Webinar demonstrates various ways in which account takeover can happen and practices to protect your websites and APIs against ATO attacks .

Book Your Spot

A majority of the attacks are from the following IP addresses –

• 200.251.23[.]57
• 92.118.170[.]216
• 103.187.5[.]128
• 149.202.55[.]79
• 5.252.118[.]211
• 91.108.240[.]52

Impact and Exploitation

The Bricks Builder theme is a popular WordPress development tool that enables users to create high-performance websites with a code-free approach. Due to its ease of use and developer-friendly components, it has become a preferred choice for many developers.

However, discovering this vulnerability has led to active exploitation, with attackers running malicious PHP code on vulnerable sites.

Patchstack reported that the exploitation attempts began on February 14, just days after the vulnerability was disclosed. 

Wordfence also confirmed the active exploitation of the flaw, having detected multiple attacks.

The Bricks team responded promptly to the disclosure, releasing a security patch with version 1.9.6.1 on February 13, 2024.

The update addressed the root cause of the vulnerability and was made available as a one-click update.

Website administrators using the Bricks Builder theme are strongly advised to update to the latest version immediately to prevent potential exploits.

It is also recommended to check for signs of compromise even after updating, as attackers may have exploited the vulnerability before the patch was applied.

Recommendations for Users

Attention all users: it is highly recommended you upgrade to Bricks version 1.9.6.1 at your earliest convenience.

This latest version includes critical security patches and bug fixes, improving overall system stability and performance.

Failing to update may result in potential system vulnerabilities and data breaches. Kindly take action immediately to ensure the safety and integrity of your system.

Stay updated on Cybersecurity news, Whitepapers, and Infographics. Follow us on LinkedIn & Twitter.