Hackers exploit critical RCE flaw in Bricks WordPress site builder

February 19, 2024 at 12:56PM

Hackers are exploiting a critical remote code execution flaw in the Bricks Builder Theme, allowing them to run malicious PHP code on vulnerable sites. A fix in version 1.9.6.1 was released on February 13 to address the vulnerability (CVE-2024-25600). Active exploitation attempts began on February 14, with specific IP addresses associated with the attacks. Users are urged to update to version 1.9.6.1 immediately.

Key takeaways:

1. A critical remote code execution (RCE) flaw in the Bricks Builder Theme is being actively exploited, allowing hackers to run malicious PHP code on vulnerable sites.
2. The vulnerability, tracked as CVE-2024-25600, was discovered by a researcher named ‘snicco’ and is due to an eval function call in the ‘prepare_query_vars_from_settings’ function.
3. A fix for the security issue is available in version 1.9.6.1 of the Bricks Builder Theme, released on February 13. Users are urged to upgrade to this version as soon as possible.
4. Despite the vendor’s advisory noting no evidence of exploitation at the time of the fix, active exploitation attempts were detected starting from February 14 by Patchstack, who also shared details about the vulnerability.
5. The flaw can be exploited through REST API endpoints, and attackers are using specific malware to disable security plugins like Wordfence and Sucuri.
6. The following IP addresses have been associated with most of the attacks: 200.251.23.57, 92.118.170.216, 103.187.5.128, 149.202.55.79, 5.252.118.211, 91.108.240.52.
7. Wordfence has reported 24 detections of active exploitation of CVE-2024-25600 in the past day.
8. Bricks users are recommended to upgrade to version 1.9.6.1 immediately either through the WordPress dashboard or manually.
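
A log-triage sketch for the indicators above, added here as an example and not taken from the article, Patchstack or Wordfence. It assumes Apache/nginx combined-format access logs and the standard WordPress REST prefixes (`/wp-json/` and `rest_route=`); the sample lines and the `example/v1/route` path are constructed placeholders.

```python
import re
from ipaddress import ip_address

# IP addresses the article associates with most of the attacks.
LISTED_IPS = {ip_address(a) for a in (
    "200.251.23.57", "92.118.170.216", "103.187.5.128",
    "149.202.55.79", "5.252.118.211", "91.108.240.52")}
FIXED = (1, 9, 6, 1)  # first patched Bricks release per the article

# Apache/nginx "combined" access log format (assumed).
LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "([A-Z]+) (\S+)[^"]*" (\d{3})')

def is_patched(version):
    """True when a Bricks version string is 1.9.6.1 or later."""
    return tuple(int(n) for n in re.findall(r"\d+", version)) >= FIXED

def is_rest(path):
    """WordPress REST API requests: pretty permalinks or ?rest_route=."""
    return "/wp-json/" in path or "rest_route=" in path

def triage(lines):
    """Return (priority, ip, method, path, status) for listed-IP requests."""
    hits = []
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # skip lines that are not in combined format
        ip, _ts, method, path, status = m.groups()
        try:
            if ip_address(ip) not in LISTED_IPS:
                continue
        except ValueError:
            continue  # client field is a hostname, not an address
        # A REST API call the server answered with 2xx is reviewed first.
        rest_ok = is_rest(path) and status.startswith("2")
        hits.append(("high" if rest_ok else "review", ip, method, path, int(status)))
    return hits

# Constructed sample lines; the example/v1/route name is a placeholder.
SAMPLE = [
    '192.0.2.10 - - [14/Feb/2024:10:00:01 +0000] "GET /wp-json/wp/v2/posts HTTP/1.1" 200 512 "-" "curl"',
    '200.251.23.57 - - [14/Feb/2024:10:02:11 +0000] "POST /wp-json/example/v1/route HTTP/1.1" 200 87 "-" "-"',
    '92.118.170.216 - - [14/Feb/2024:10:03:40 +0000] "GET /index.php?rest_route=/example/v1/route HTTP/1.1" 403 0 "-" "-"',
    '5.252.118.211 - - [14/Feb/2024:10:05:02 +0000] "GET /wp-login.php HTTP/1.1" 200 2048 "-" "-"',
    'not a log line',
]

if __name__ == "__main__":
    print(triage(SAMPLE), is_patched("1.9.6"))
```

A "high" hit on a site that was running a version for which `is_patched` returns False at the time of the request is the case to investigate first, including whether Wordfence or Sucuri were disabled afterwards.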
