Code Injection Vulnerability Affects Bricks Builder
CVE-2024-25600

CVSS Score: 10 (CRITICAL)

Key Information:

Vendor: WordPress
CVE Published: 4 June 2024

Badges

  • 📈 Score: 164
  • 👾 Exploit Exists
  • 🟡 Public PoC
  • 🟣 EPSS 93%
  • 📰 News Worthy

What is CVE-2024-25600?

CVE-2024-25600 is a code injection vulnerability discovered in Bricks Builder, a WordPress plugin used for website development and design. The vulnerability allows an attacker to execute arbitrary code on affected systems, which can lead to serious security breaches. It affects versions of Bricks Builder up to and including 1.9.6, posing significant risk to organizations that rely on the plugin for their website operations. If exploited, it could compromise sensitive data, disrupt services, and damage the reputation of the affected organization.

Technical Details

The vulnerability arises from improper control over the generation of code within Bricks Builder (CWE-94, code injection). The flaw can be exploited remotely, allowing unauthorized users to execute malicious code on the server where the plugin is installed. The affected versions span from the initial release up to 1.9.6, so users and administrators should update promptly to mitigate the risk. Patches have been released to address the vulnerability, and exploit details have been shared publicly, which underlines the seriousness of the threat.

Potential impact of CVE-2024-25600

  1. Remote Code Execution: The most significant impact of this vulnerability is the ability for attackers to execute arbitrary code on the affected servers, which can lead to full system compromise.

  2. Data Breaches: Exploiting this vulnerability may allow unauthorized access to sensitive data, including user information, configurations, and proprietary content, thus risking data integrity and privacy.

  3. Service Disruption: Successful exploitation can lead to denial of service, where malicious actors can disable the affected website or disrupt its normal operations, significantly impacting business continuity and user experience.

Affected Version(s)

Bricks Builder <= 1.9.6

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate that the vulnerability can be exploited. PoC code is also a key component of weaponization, which can lead to ransomware.

News Articles

CVE-2024-25600: WordPress Bricks Builder Remote Code Execution Vulnerability

On February 26, 2024, Sangfor FarSight Labs received notification of the remote code execution vulnerability (CVE-2024-25600) in Bricks Builder.

Bricks Builder WordPress Plug-in Vulnerability CVE-2024-25600

WordPress Bricks Builder, a popular WordPress site builder, is being actively targeted by hackers due to a critical vulnerability that allows unauthenticated attackers to perform remote code execution. The Bricks plugin was estimated to have about 25,000 active installations when the vulnerability w...

WordPress plugin under attack; Bricks Builder bug enables RCE

WordPress site takeover is possible without authentication via the actively exploited vulnerability.

References

EPSS Score

93% chance of being exploited in the next 30 days.

CVSS V3.1

  • Score: 10
  • Severity: CRITICAL
  • Confidentiality: High
  • Integrity: High
  • Availability: High
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Changed

Timeline

  • 🟡 Public PoC available
  • 👾 Exploit known to exist
  • Vulnerability published
  • 📰 First article discovered by Beeping Computers
  • Vulnerability reserved

Credit

Snicco (Patchstack Alliance)