Warning: Critical Vulnerability Affects WordPress Bricks Builder!
CVE-2024-25600: CVSS 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
Sources
Risks
A security patch was released to address a critical vulnerability that is affecting the WordPress theme Bricks Builder.
The vulnerability has a low attack complexity, does not require privileges or user interaction, and has a HIGH impact on Confidentiality, Integrity, and Availability.
Furthermore, Wordfence disclosed that they blocked several attacks targeting this vulnerability in the past 24 hours, so it is under active exploitation.
Update v1.1: Since a PoC (Proof-of-Concept) is now available, an increase in exploitation in the wild is expected.
Description
CVE-2024-25600: Remote Code Execution (RCE).
Bricks Builder for WordPress is vulnerable to RCE in all versions up to, and including, version 1.9.6.
An unauthenticated attacker can execute code on the server to install malware or backdoors, steal sensitive data, deface a website, or use the vulnerable server for further attacks.
Recommended Actions
Patch
The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority, after thorough testing.
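To find installations that still need the patch, the following added example (not from the advisory and not code from Bricks) reads the theme header that WordPress themes carry at the top of style.css and compares the declared version numerically against the 1.9.6 cutoff stated above; the sample header and the themes directory path are assumptions.

```python
import re
from pathlib import Path
from typing import Optional, Tuple

# Last affected Bricks version stated in the advisory (versions <= 1.9.6 are vulnerable).
LAST_VULNERABLE = "1.9.6"

# Constructed sample of a WordPress theme style.css header. Themes declare their
# name and version in this comment block at wp-content/themes/<theme>/style.css.
SAMPLE_STYLE_CSS = """/*
Theme Name: Bricks
Theme URI: https://bricksbuilder.io/
Version: 1.9.5
*/
"""

def header_field(style_css: str, field: str) -> Optional[str]:
    """Read one 'Field: value' line from a theme header, or None if it is absent."""
    m = re.search(rf"^\s*{re.escape(field)}:\s*(.+?)\s*$", style_css, re.MULTILINE | re.IGNORECASE)
    return m.group(1) if m else None

def parse_version(text: str) -> Tuple[int, ...]:
    """Numeric tuple for comparison: '1.10' must rank above '1.9.6', which a string compare gets wrong."""
    return tuple(int(p) for p in re.findall(r"\d+", text))

def is_vulnerable(version: Optional[str]) -> bool:
    """Affected if version <= LAST_VULNERABLE; an unreadable version is treated as affected."""
    if version is None:
        return True
    return parse_version(version) <= parse_version(LAST_VULNERABLE)

def assess_theme(style_css: str) -> str:
    """Return 'not-bricks', 'vulnerable' or 'patched' for one theme's style.css content."""
    name = header_field(style_css, "Theme Name")
    if name is None or name.strip().lower() != "bricks":
        return "not-bricks"
    return "vulnerable" if is_vulnerable(header_field(style_css, "Version")) else "patched"

def scan_themes(themes_dir: Path) -> dict:
    """Assess every theme below a wp-content/themes directory (the path is an assumption)."""
    results = {}
    for style in themes_dir.glob("*/style.css"):
        results[style.parent.name] = assess_theme(style.read_text(errors="replace"))
    return results

if __name__ == "__main__":
    print("sample:", assess_theme(SAMPLE_STYLE_CSS))  # sample header declares 1.9.5 -> vulnerable
    for theme, status in scan_themes(Path("/var/www/html/wp-content/themes")).items():
        print(theme, status)
```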
Monitor/Detect
The CCB recommends organisations upscale monitoring and detection capabilities to identify any related suspicious activity, ensuring a swift response in case of an intrusion.
In case of an intrusion, you can report an incident via: https://cert.be/en/report-incident
While patching appliances or software to the newest version may provide safety from future exploitation, it does not remediate historic compromise.
References
https://securityonline.info/cve-2024-25600-wordpresss-bricks-builder-rce-flaw-under-attack/