Code Injection Vulnerability Affects Bricks Builder
CVE-2024-25600
Key Information:
- Vendor: WordPress
- Status: Vendor
- CVE Published: 4 June 2024
Summary
The vulnerability in Bricks Builder, developed by Codeer Limited, stems from improper control of code generation (CWE-94), which creates a code injection risk. The flaw affects all versions up to and including 1.9.6. An attacker can exploit it to execute arbitrary code on the server, which poses a significant threat to the integrity and security of web applications that use this plugin. Users of Bricks Builder should update to a patched release and validate their configurations to mitigate potential attacks.
Affected Version(s)
Bricks Builder <= 1.9.6
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate that the vulnerability can be exploited. PoC code is also a key component of weaponization, which can lead to ransomware.
News Articles
CVE-2024-25600: WordPress Bricks Builder Remote Code Execution Vulnerability
On February 26, 2024, Sangfor FarSight Labs received notification of the remote code execution vulnerability (CVE-2024-25600) in Bricks Builder.
Bricks Builder WordPress Plug-in Vulnerability CVE-2024-25600
WordPress Bricks Builder, a popular WordPress site builder, is being actively targeted by hackers due to a critical vulnerability that allows unauthenticated attackers to perform remote code execution. The Bricks plugin was estimated to have about 25,000 active installations when the vulnerability w...
WordPress plugin under attack; Bricks Builder bug enables RCE
WordPress site takeover is possible without authentication via the actively exploited vulnerability.
References
CVSS V3.1
Timeline
- 🟡 Public PoC available
- 👾 Exploit known to exist
- Vulnerability published
- 📰 First article discovered by BleepingComputer
- Vulnerability reserved