Hackers attack Bricks Builder: the fate of 25,000 sites is in question

Teacher

An advanced website builder gave users functionality while taking away security.

Calvin Alkan, an independent cybersecurity expert with the Snicco platform, recently discovered a vulnerability in the premium Bricks Builder theme for WordPress. The flaw allows attackers to execute arbitrary PHP code on sites that use this theme.

With about 25,000 active installations, Bricks Builder is known for its user-friendliness and customization options in website design. The developers describe it not just as a WordPress theme, but as an advanced visual website builder. The vulnerability has been assigned the identifier CVE-2024-25600 and affects Bricks Builder installations that use the default settings.

The problem is related to the use of the eval function during the preparation of query variables, which may allow unauthorized users to execute arbitrary code.

The Patchstack platform, which specializes in WordPress security, promptly reported the problem to Bricks Builder developers, and on February 13, update 1.9.6.1 was released, eliminating the error.

In their post, the developers reported that at the time of the patch's release, they did not find any evidence of real exploitation of CVE-2024-25600, but users are advised to update to the latest version of the theme in order to minimize risks.

As early as February 14, Patchstack and Wordfence experts began recording attempts to exploit the vulnerability, since few users update a vulnerable product to the latest version that quickly. The attackers use specialized malware that can disable installed security plugins, which increases the chances of successful exploitation of CVE-2024-25600.

In light of these developments, all owners of WordPress sites that use the Bricks Builder theme are strongly advised to immediately update it to version 1.9.6.1 via the WordPress dashboard or manually to protect their resources from potential attacks.
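To act on the update advice across a whole server, the sketch below finds every copy of the theme under a web root and flags those older than 1.9.6.1. It is an added example, not code from Bricks, Patchstack or Wordfence; the theme folder name "bricks" and the function names are assumptions.

```python
import re
import sys
from pathlib import Path

FIXED = (1, 9, 6, 1)    # first patched release named in the post
THEME_DIR = "bricks"    # assumption: theme folder name under wp-content/themes

def theme_version(style_css: str):
    """Return the Version: value from a WordPress theme header, or None."""
    m = re.search(r"^[ \t/*#@]*Version:[ \t]*([0-9][0-9.]*)",
                  style_css[:8192], re.M | re.I)
    return m.group(1).rstrip(".") if m else None

def as_tuple(version: str):
    """'1.9.6' -> (1, 9, 6, 0), so 1.9.10 sorts above 1.9.6.1 numerically."""
    parts = [int(p) for p in version.split(".") if p]
    return tuple(parts + [0] * (len(FIXED) - len(parts)))

def is_vulnerable(version: str) -> bool:
    """True for any release older than the patched 1.9.6.1."""
    return as_tuple(version) < FIXED

def audit(root):
    """Yield (style.css path, version, status) for each theme copy under root."""
    pattern = f"wp-content/themes/{THEME_DIR}/style.css"
    for css in Path(root).rglob(pattern):
        version = theme_version(css.read_text(errors="replace"))
        if version is None:
            yield css, None, "UNKNOWN"   # header missing: inspect by hand
        elif is_vulnerable(version):
            yield css, version, "VULNERABLE"
        else:
            yield css, version, "patched"

if __name__ == "__main__":
    # Usage: python3 audit_bricks.py /var/www   (the path is an example)
    for path, version, status in audit(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{status:10} {version or '-':10} {path}")
```

A "patched" result only confirms the version number. Because exploitation attempts started on February 14, a site that ran an older version after that date still needs a check for signs of compromise.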