CVE-2024-25600: WordPress’s Bricks Builder RCE Flaw Under Active Exploitation

Bar Refael

February 20, 2024

A critical Remote Code Execution (RCE) vulnerability, identified as CVE-2024-25600 (CVSS score: 9.8), has been discovered in the widely used WordPress site builder, Bricks Builder. This vulnerability is currently being actively exploited, posing a significant risk to websites using this theme.

Vulnerability Details:

  • CVE ID: CVE-2024-25600
  • CVSS Score: 9.8 (Critical)
  • Affected Software: Bricks Builder for WordPress
  • Affected Versions: All versions prior to 1.9.6.1
  • Impact: Unauthenticated remote code execution

Description:

Bricks Builder is a popular WordPress development theme with approximately 25,000 active installations. It provides an intuitive drag-and-drop interface for designing and building WordPress websites.

The vulnerability allows unauthenticated attackers to execute arbitrary code on the server hosting the WordPress site. This can lead to various malicious activities, including:

  • Installing malware or backdoors
  • Stealing sensitive data
  • Defacing the website
  • Using the server for further attacks

Mitigation:

Bricks Builder has released a patch (version 1.9.6.1) to address this vulnerability. It is imperative that all users of Bricks Builder update to this version immediately to secure their sites. Delaying the update increases the risk of exploitation.

Updating Bricks Builder can typically be done directly within your WordPress dashboard. For detailed instructions, refer to the Bricks Builder website or their official documentation.

Active Exploitation:

Security experts at Wordfence have confirmed multiple attacks targeting CVE-2024-25600 in the last 24 hours. The attacks have originated from several IP addresses, including but not limited to:

  • 200.251.23.57
  • 92.118.170.216
  • 103.187.5.128
  • 149.202.55.79
  • 5.252.118.211
  • 91.108.240.52

Additionally, malware specifically designed to exploit this vulnerability has been observed, with features to disable security-related plugins such as Wordfence and Sucuri.

Recommendations:

  • Immediate Action: Update Bricks Builder to version 1.9.6.1 without delay.
  • Monitor: Keep an eye on your website for any suspicious activity and regularly check for updates and patches for all installed themes and plugins.
  • Security Measures: Ensure that your website is protected with robust security measures, including firewalls, security plugins, and regular backups.

Conclusion:

The CVE-2024-25600 vulnerability in WordPress’s Bricks Builder is a critical threat that requires immediate attention. By promptly updating to the patched version and maintaining vigilant security practices, you can protect your website from potential exploitation and ensure the safety of your digital assets.

Stay safe and informed,

OP Innovate Security Team

Under Cyber Attack?

Fill out the form and we will contact you immediately.

Under Cyber Attack?

Fill out the form and we will contact you immediately.