
Alerts

Critical Vulnerability in WordPress Bricks Plug-in (CVE-2024-25600)

Advisory No: TZCERT/SA/2024/02/22

Date of First Release: 22nd February 2024

Source: WordPress plugin Bricks Builder

Software Affected: Bricks Builder versions 1.9.6 and earlier

Overview:

WordPress has released security updates to address a critical vulnerability (CVE-2024-25600) impacting their Bricks Builder Plug-in. Successful exploitation of the vulnerability may allow an attacker to perform remote code execution and gain control of the server.

Description:

CVE-2024-25600 (CVSS score of 9.8) is caused by an eval function call in the ‘prepare_query_vars_from_settings’ function, which an unauthenticated user could exploit to execute arbitrary PHP code.

Impact:

Successful exploitation of this vulnerability may allow a remote attacker to take control of the affected system.

Solution:

Users and administrators of affected product versions are advised to update to the latest version immediately.

References:

  1. https://www.csa.gov.sg/alerts-advisories/alerts/2024/al-2024-021
  2. https://www.bleepingcomputer.com/news/security/hackers-exploit-critical-rce-flaw-in-bricks-wordpress-site-builder/

TZCERT-SU-24-0191 (Oracle Linux Security Update)

Oracle has released security updates to address vulnerabilities in multiple products. Exploitation of these vulnerabilities may allow an attacker to take control of an affected system.

Users and Administrators are encouraged to review Oracle Linux Security Advisories dated 19th February 2024 and apply necessary updates.

TZCERT-SU-24-0190 (SUSE Security Update)

SUSE has released security updates to address vulnerabilities in multiple products. Exploitation of these vulnerabilities may allow an attacker to take control of an affected system.

Users and Administrators are encouraged to review SUSE Security Advisories dated 19th February 2024 and apply necessary updates.

TZCERT-SU-24-0189 (Ubuntu Security Update)

Ubuntu has released security updates to address vulnerabilities in multiple products. Exploitation of these vulnerabilities may allow an attacker to take control of an affected system.

Users and Administrators are encouraged to review Ubuntu Security Notices dated 19th February 2024 and apply necessary updates.

TZCERT-SU-24-0188 (Samba Security Updates)

Gentoo has released security updates to address vulnerabilities in the Samba package. Exploitation of these vulnerabilities may allow an attacker to take control of an affected system.

Users and Administrators are encouraged to review the Gentoo Security Advisory and apply necessary updates.