Bricks WordPress Builder RCE Flaw Targeted by Hackers

A critical vulnerability in the Bricks Builder theme for WordPress, tracked as CVE-2024-25600, has been actively exploited by hackers. The flaw, affecting over 25,000 websites, allows unauthenticated attackers to execute arbitrary PHP code on a site or server. It was discovered by a security researcher named Calvin Alkan and has since been reported to the Patchstack bug bounty program.

The vulnerability has been rated 9.8 out of 10 on the Common Vulnerability Scoring System (CVSS), highlighting its severity. It stems from an eval function call in the 'prepare_query_vars_from_settings' function, which could potentially allow an unauthenticated user to execute arbitrary PHP code.

The issue was promptly addressed by the Bricks team, who released a security update on February 13 that patches the vulnerability. "We just released a mandatory security update with Bricks 1.9.6.1," the Bricks team announced.

Despite the quick response from the Bricks team, active exploitation of the vulnerability began on February 14, just a day after the patch was released. Attackers have been using the exploit to deploy malware that can disable security plugins like Wordfence and Sucuri, further compromising affected websites. Website administrators using the Bricks Builder theme are strongly advised to update to the latest version immediately to mitigate the risk of exploitation.

Even after updating, it is recommended to check for signs of compromise, as attackers may have exploited the vulnerability before the patch was applied.

This incident serves as a reminder of the ongoing threat posed by vulnerabilities in WordPress themes and plugins. We have highlighted previous incidents of WordPress plugins putting sites at risk, with as many as 200,000 websites affected in an incident last year. There is a critical need for website administrators to remain vigilant, regularly update their software, and implement robust security measures to protect against such threats.