WordPress's Bricks Builder RCE Flaw - 20240220001
Overview
A critical remote code execution (RCE) vulnerability, CVE-2024-25600, has been discovered in the widely used WordPress site builder Bricks Builder. The vulnerability is being actively exploited, placing affected websites at significant risk.
This vulnerability allows any unauthenticated user to execute arbitrary PHP code on the WordPress site.
What is vulnerable?
Product(s) Affected | Severity | CVSS
---|---|---
Bricks Builder versions before 1.9.6.1 | Critical | 9.8
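The following check is an added example, not code from this advisory or from the vendor: it compares an installed version against the fixed release 1.9.6.1 numerically, since a plain string comparison misorders versions such as 1.9.10. It assumes Bricks is installed as a WordPress theme whose style.css carries the standard `Version:` header; the function names and sample headers are constructed for illustration.

```python
import re
import sys
from pathlib import Path

FIXED = (1, 9, 6, 1)  # first fixed release per the advisory table

def parse_version(text):
    """'1.9.6' -> (1, 9, 6, 0): numeric tuple, padded for comparison."""
    m = re.match(r"\s*(\d+(?:\.\d+)*)", text)
    if not m:
        raise ValueError(f"unrecognised version: {text!r}")
    parts = [int(p) for p in m.group(1).split(".")]
    parts += [0] * (len(FIXED) - len(parts))
    return tuple(parts)

def header_version(style_css):
    """Return the Version: field of a theme's style.css header, or None."""
    m = re.search(r"^[ \t/*#@]*Version:\s*(\S+)", style_css, re.M | re.I)
    return m.group(1) if m else None

def is_affected(style_css):
    """True = below fixed release, False = fixed, None = needs manual review."""
    version = header_version(style_css)
    try:
        return None if version is None else parse_version(version) < FIXED
    except ValueError:
        return None

# Constructed sample headers (not taken from the real product).
SAMPLE_OLD = "/*\nTheme Name: Bricks\nVersion: 1.9.6\n*/"
SAMPLE_FIXED = "/*\nTheme Name: Bricks\nVersion: 1.9.6.1\n*/"
SAMPLE_LATER = "/*\nTheme Name: Bricks\nVersion: 1.9.10\n*/"

def audit(theme_dirs):
    """Map each theme directory (assumed path, supplied by the caller) to its status."""
    results = {}
    for d in theme_dirs:
        css = Path(d) / "style.css"
        text = css.read_text(errors="replace") if css.is_file() else ""
        results[str(d)] = is_affected(text)
    return results

if __name__ == "__main__":
    # Usage: python check_bricks.py <theme-directory> [<theme-directory> ...]
    for path, status in audit(sys.argv[1:]).items():
        label = {True: "AFFECTED", False: "ok", None: "UNKNOWN"}[status]
        print(f"{label:8} {path}")
```

A result of UNKNOWN means no parsable version header was found and the installation should be checked by hand.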
What has been observed?
There is no evidence of exploitation affecting Western Australian Government networks at the time of publishing.
Recommendation
The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within the expected timeframe of one month... (refer Patch Management):