WordPress Bricks Theme Under Active Attack: Critical Flaw Impacts 25,000+ Sites

February 20, 2024 at 04:33AM

A critical security flaw in the Bricks theme for WordPress, tracked as CVE-2024-25600, allows unauthenticated attackers to execute arbitrary PHP code on vulnerable installations. The flaw was fixed in version 1.9.6.1, released on February 13, 2024, after it was reported by Snicco. Exploitation attempts have already been observed in the wild, and site owners are advised to update immediately.

The February 20, 2024 report highlights a critical security flaw in the Bricks theme for WordPress. Tracked as CVE-2024-25600 with a CVSS score of 9.8, the flaw allows unauthenticated attackers to achieve remote code execution. It affects all versions of Bricks up to and including 1.9.6 and was fixed by the theme's developers in version 1.9.6.1, released on February 13, 2024.

While no proof-of-concept (PoC) exploit has been publicly released, technical write-ups by Snicco and Patchstack show that the vulnerable code lives in the prepare_query_vars_from_settings() function. The root cause is an access check that relied on a nonce which is exposed on the public frontend of a WordPress site, so any visitor, authenticated or not, can obtain a valid nonce and reach the affected code path. WordPress's own developer guidance is explicit on this point: nonces must never be relied on for authentication, authorization or access control; functions should be protected with current_user_can(), and code should always assume that nonces can be compromised.
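The pattern described above, as an added illustration that is not code from the Bricks theme: a nonce is printed into a public script for every visitor, a REST handler treats that nonce as its only gate, and the hardened version adds the capability check WordPress recommends. All names here (the demo/v1 route, demo_render_element_vulnerable, demo_render_element_hardened, demo_do_privileged_thing, the demo-nonce action) are hypothetical, and the privileged operation is a placeholder rather than whatever the real theme does with its settings.

```php
<?php
// Added illustration of "nonce-only gating" versus "capability gating".
// Not code from the Bricks theme; every identifier below is hypothetical.

// 1. The theme exposes a nonce in a script that every visitor can read.
//    For a logged-out visitor wp_create_nonce() ties the nonce to user ID 0,
//    and wp_verify_nonce() on a logged-out request accepts exactly that nonce,
//    so "has a valid nonce" says nothing about who the caller is.
add_action( 'wp_enqueue_scripts', function () {
    wp_enqueue_script( 'demo-frontend', get_template_directory_uri() . '/js/frontend.js', array(), '1.0', true );
    wp_localize_script( 'demo-frontend', 'demoData', array(
        'nonce' => wp_create_nonce( 'demo-nonce' ), // visible in the page source to anyone
    ) );
} );

// 2a. VULNERABLE: a valid nonce is treated as proof of authority.
function demo_render_element_vulnerable( WP_REST_Request $request ) {
    if ( ! wp_verify_nonce( $request->get_param( 'nonce' ), 'demo-nonce' ) ) {
        return new WP_Error( 'bad_nonce', 'Invalid nonce', array( 'status' => 403 ) );
    }
    // Anyone who has loaded the front page reaches this line with arbitrary $settings.
    $settings = $request->get_param( 'settings' );
    return demo_do_privileged_thing( $settings );
}

// 2b. HARDENED: the real gate is a capability check. The nonce is kept only as
//     CSRF protection for legitimate editors; it no longer decides who may call.
function demo_render_element_hardened( WP_REST_Request $request ) {
    if ( ! current_user_can( 'edit_posts' ) ) {
        return new WP_Error( 'forbidden', 'Insufficient privileges', array( 'status' => 403 ) );
    }
    if ( ! wp_verify_nonce( $request->get_param( 'nonce' ), 'demo-nonce' ) ) {
        return new WP_Error( 'bad_nonce', 'Invalid nonce', array( 'status' => 403 ) );
    }
    $settings = $request->get_param( 'settings' );
    return demo_do_privileged_thing( $settings );
}

// Placeholder for whatever privileged work the settings drive (hypothetical).
// The point of the example is the gate in front of it, not the sink itself.
function demo_do_privileged_thing( $settings ) {
    return rest_ensure_response( array( 'ok' => true, 'settings' => $settings ) );
}

// 3. Register the hardened callback and also enforce the capability in
//    permission_callback, so the REST layer rejects before the callback runs.
add_action( 'rest_api_init', function () {
    register_rest_route( 'demo/v1', '/render', array(
        'methods'             => 'POST',
        'callback'            => 'demo_render_element_hardened',
        'permission_callback' => function () {
            return current_user_can( 'edit_posts' );
        },
    ) );
} );
```

One caveat for anyone applying the hardened form to a real REST endpoint: WordPress only attaches the logged-in user to a cookie-authenticated REST request when the request carries the standard X-WP-Nonce header created with the wp_rest action. Without it, current_user_can() sees an anonymous user and the endpoint fails closed, which is the right failure mode but is worth knowing when the theme's own editor scripts suddenly get 403s after the fix.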

The severity of the flaw is underscored by the fact that WordPress security company Wordfence had detected over three dozen attack attempts exploiting it as of February 19, 2024, with attempts beginning on February 14, a day after public disclosure. The report also lists IP addresses observed in exploitation attempts, which site operators can use for log review and blocking. Bricks is estimated to have around 25,000 active installations, and users of the theme are strongly recommended to update to version 1.9.6.1 or later to mitigate the threat.