
Warning: Critical Vulnerability Affects WordPress Bricks Builder!

Reference: Advisory #2024-30
Version: 1.1
Affected software: WordPress Bricks Builder version <= 1.9.6
Type: Remote Code Execution (RCE)
CVE/CVSS: CVE-2024-25600: CVSS 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

Sources

https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-themes/bricks/bricks-196-unauthenticated-remote-code-execution

Risks

A security patch was released to address a critical vulnerability that is affecting the WordPress theme Bricks Builder.

The vulnerability has a low attack complexity, does not require privileges or user interaction, and has a HIGH impact on Confidentiality, Integrity, and Availability.

Furthermore, Wordfence disclosed that they blocked several attacks targeting this vulnerability in the past 24 hours, so it is under active exploitation.

Update v1.1: Since a PoC (Proof-of-Concept) is now available, an increase in exploitation in the wild is expected.

Description

CVE-2024-25600: Remote Code Execution (RCE).

Bricks Builder for WordPress is vulnerable to RCE in all versions up to, and including, version 1.9.6.

An unauthenticated attacker can execute code on the server to install malware or backdoors, steal sensitive data, deface a website, or use the vulnerable server for further attacks.

Recommended Actions

Patch

The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority, after thorough testing.
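To turn the affected-version statement (all versions up to and including 1.9.6) into an inventory check, here is an added Python example that is not part of the CCB advisory: it reads the theme's style.css "Version:" header, as WordPress themes declare it, and compares it numerically against the 1.9.6 ceiling, so that 1.9.10 is not mistaken for an old release by string comparison. The theme slug `bricks` and the standard wp-content/themes layout are assumptions, and the sample header is constructed.

```python
import re
from pathlib import Path
from typing import Optional, Tuple

# Highest version the advisory lists as affected (all versions <= 1.9.6).
LAST_AFFECTED: Tuple[int, ...] = (1, 9, 6)

# Constructed sample of a WordPress theme style.css header, not real file contents.
SAMPLE_STYLE_CSS = """/*
Theme Name: Bricks
Theme URI: https://bricksbuilder.io/
Version: 1.9.6
*/
"""


def parse_version(style_css: str) -> Optional[Tuple[int, ...]]:
    """Return the 'Version:' header of a theme's style.css as a tuple of ints, or None."""
    match = re.search(r"^\s*Version:\s*([0-9][0-9.]*)", style_css, re.MULTILINE)
    if not match:
        return None
    return tuple(int(part) for part in match.group(1).strip(".").split("."))


def is_affected(version: Tuple[int, ...], last_affected: Tuple[int, ...] = LAST_AFFECTED) -> bool:
    """Numeric tuple comparison: (1, 9, 10) > (1, 9, 6), unlike the string '1.9.10' < '1.9.6'."""
    return version <= last_affected


def assess_style_css(style_css: str) -> str:
    """Classify a style.css text as 'affected', 'not affected' or 'unknown version'."""
    version = parse_version(style_css)
    if version is None:
        return "unknown version"
    return "affected" if is_affected(version) else "not affected"


def check_install(wp_root: str, theme_slug: str = "bricks") -> str:
    """Assess the Bricks theme in a WordPress install root.

    Assumes the usual wp-content/themes/<slug>/style.css layout (assumption, not from the advisory).
    """
    css_path = Path(wp_root) / "wp-content" / "themes" / theme_slug / "style.css"
    if not css_path.is_file():
        return "not installed"
    return assess_style_css(css_path.read_text(encoding="utf-8", errors="replace"))


if __name__ == "__main__":
    print("sample header:", assess_style_css(SAMPLE_STYLE_CSS))  # constructed 1.9.6 header -> affected
    print("/var/www/html:", check_install("/var/www/html"))     # hypothetical install path
```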

Monitor/Detect

The CCB recommends organisations scale up monitoring and detection capabilities to identify any related suspicious activity, ensuring a swift response in case of an intrusion.

In case of an intrusion, you can report an incident via: https://cert.be/en/report-incident

While patching appliances or software to the newest version may provide safety from future exploitation, it does not remediate historic compromise.

References

https://securityonline.info/cve-2024-25600-wordpresss-bricks-builder-rce-flaw-under-attack/