Hackers exploit critical vulnerability in WordPress Bricks Builder theme

Vulnerability: Remote Code Execution (RCE)

Vulnerable topic: Bricks Builder (versions prior to 1.9.6.1)

Impact: Allows attackers to execute malicious PHP code on vulnerable websites.

Discovery: February 10, 2024.

Active exploitation: February 14, 2024 onwards.

Recommendation: Upgrade to Bricks Builder version 1.9.6.1 or higher immediately.

Details:

• The vulnerability resides in the prepare_query_vars_from_settings function of the Bricks Builder theme.
• Attackers can exploit it without authenticating themselves to execute arbitrary PHP code.
• Patchstack detected active exploit attempts as of February 14.
• Attempts to exploit it were detected on February 14.
• Attackers are using malware to disable security plugins such as Wordfence and Sucuri.
• Patchstack detected active exploitation attempts as of February.
• It is recommended to upgrade to the latest version of Bricks Builder as soon as possible.

A little more context

A recent security alert has rocked the WordPress community after a critical vulnerability was discovered in the Bricks Builder theme, a popular visual builder with more than 25,000 active installations. The flaw, identified as remote code execution (RCE), allows attackers to execute malicious PHP code on affected sites.

The vulnerability, discovered on February 10 by the researcher known as ‘snicco’, has been registered under the code CVE-2024-25600. It affects default versions of Bricks Builder, allowing unauthenticated users to execute arbitrary code through a theme-specific function.

The Patchstack platform, which specializes in WordPress security, was responsible for reporting the issue to the Bricks team, who quickly responded by releasing a critical update on February 13 with version 1.9.6.1 to mitigate the risk.

Despite the quick response, active exploitation of this vulnerability has been observed since February 14, with attackers disabling known security plugins and compromising sites through various malicious IP addresses.

The urgent recommendation for Bricks Builder users is to update their theme to the latest available version as soon as possible, by accessing “Appearance > Themes” in the WordPress dashboard or downloading manually from the official site.

This incident underlines the importance of keeping all WordPress components, including themes and plugins, up to date to protect websites against emerging attacks and vulnerabilities.

So you know, if you’re using Bricks Builder, it’s crucial that you update it as soon as possible and stay vigilant for any security alerts. Your proactivity is your best defense.