A huge collection of 3400+ free website templates JAR theme com WP themes and more at the biggest community-driven free web design site
Home / security-advisories / Critical Vulnerability in WordPress Bricks Plug-in (CVE-2024-25600)

Critical Vulnerability in WordPress Bricks Plug-in (CVE-2024-25600)

Advisory No: TZCERT/SA/2024/02/22

Date of First Release: 22nd February 2024

Source: WordPress plugin Bricks Builder

Software Affected: Bricks Builder versions 1.9.6 and earlier

Overview:

WordPress has released security updates to address a critical vulnerability (CVE-2024-25600) impacting their Bricks Builder Plug-in. Successful exploitation of the vulnerability may allow an attacker to perform remote code execution and gain control of the server.

Description:

CVE-2024-25600 (CVSS score of 9.8) is due to an eval function call in the ‘prepare_query_vars_from_settings’ function, which could allow an unauthenticated user to exploit it to execute arbitrary PHP code.

Impact:

Successful exploitation of this vulnerability may allow a remote attacker to take control of the affected system.

Solution:

Users and administrators of affected product versions are advised to update to the latest version immediately.

References:

  1. https://www.csa.gov.sg/alerts-advisories/alerts/2024/al-2024-021
  2. https://www.bleepingcomputer.com/news/security/hackers-exploit-critical-rce-flaw-in-bricks-wordpress-site-builder/

Check Also

Critical vulnerabilities affecting IBM Sterling B2B Integrator, IBM QRadar SIEM and IBM Disconnected Log Collector (CVE-2022-42920, CVE-2023-51385 and CVE-2023-39410)

Advisory No: TZCERT/SA/2024/04/12-2 Date of First Release: 12th April 2024 Source: IBM Software Affected: IBM …