February 20, 2024 at 09:03AM
Attackers are leveraging a recently patched vulnerability in the Bricks Builder plugin for WordPress to execute arbitrary PHP code on affected websites, warns Patchstack. Tracked as CVE-2024-25600, this remote code execution flaw can be exploited without authentication. Exploitation attempts have already been observed, with attackers deploying malware to disable security plugins. Bricks has released patches and urges immediate updates.
Based on the meeting notes, the key takeaways are:
1. Attackers are exploiting the CVE-2024-25600 vulnerability in the Bricks Builder plugin for WordPress, allowing them to execute arbitrary PHP code on affected WordPress websites.
2. The vulnerability is due to a flaw in the ‘prepare_query_vars_from_settings’ function, enabling the remote code execution without authentication.
3. The security company Patchstack reports that threat actors are already exploiting the vulnerability and deploying malware that can disable security plugins.
4. Although patches for the vulnerability were released in Bricks Builder version 1.9.6.1 on February 13, exploitation attempts were observed on February 14, originating from multiple IP addresses.
5. The premium version of Bricks Builder has approximately 25,000 active installations.
These takeaways highlight the urgency for users to update their Bricks Builder plugin to version 1.9.6.1 to mitigate the risk of exploitation due to this vulnerability.