Hackers attack RCE vulnerability in Brick Builder Theme for WordPress

A critical vulnerability in the Brick Builder Theme for WordPress, which allows remote execution of arbitrary PHP code on vulnerable sites, is being exploited, warn experts.

The Brick Builder Theme is a premium WordPress theme described as an innovative site builder. The product has approximately 25,000 active installations.

On February 10, 2024, a researcher known as snicco discovered a vulnerability, tracked as CVE-2024-25600, that affects the Brick Builder Theme in its default configuration. The issue stems from an eval function call in prepare_query_vars_from_settings, which allows an unauthorized user to execute arbitrary PHP code.

Patchstack, a platform specializing in finding vulnerabilities in WordPress, notified the Brick Builder Theme developers of the vulnerability. As a result, a fix for CVE-2024-25600 was released on February 13, with version 1.9.6.1.

The Brick Builder Theme developers reported that no evidence of exploitation by hackers had been found at that point, but users are strongly advised to update to the latest version as soon as possible.

Shortly after that, Patchstack experts published a technical analysis of the new vulnerability and warned that they had already recorded active exploitation attempts that began on February 14. According to researchers, in the post-exploitation stage, attackers use malware capable of disabling protective plugins such as Wordfence and Sucuri. Most attacks were associated with the following IP addresses:

• 200.251.23.57;
• 92.118.170.216;
• 103.187.5.128;
• 149.202.55.79;
• 5.252.118.211;
• 91.108.240.52.
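
One way to check a web server access log for requests from the addresses listed above. This is an added example, not code from Patchstack, Wordfence or this article; it assumes the common/combined access log format, and the sample log lines and request paths are constructed placeholders.

```python
import ipaddress
import re
from collections import defaultdict
from datetime import datetime

# Source addresses listed in the article above.
REPORTED_IPS = {ipaddress.ip_address(a) for a in (
    "200.251.23.57", "92.118.170.216", "103.187.5.128",
    "149.202.55.79", "5.252.118.211", "91.108.240.52",
)}

# Common/combined log format: client ident user [time] "request" status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3})'
)

def scan(lines):
    """Return {ip: {count, first, last, requests}} for the reported addresses."""
    hits = defaultdict(lambda: {"count": 0, "first": None, "last": None,
                                "requests": set()})
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # malformed or truncated line
        try:
            ip = ipaddress.ip_address(m["ip"])
            ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        except ValueError:
            continue  # hostname instead of an address, or unparseable time
        if ip not in REPORTED_IPS:
            continue
        h = hits[str(ip)]
        h["count"] += 1
        h["first"] = ts if h["first"] is None else min(h["first"], ts)
        h["last"] = ts if h["last"] is None else max(h["last"], ts)
        h["requests"].add((m["req"], int(m["status"])))
    return dict(hits)

# Constructed sample log lines (paths are placeholders, not from the article).
SAMPLE_LOG = """\
149.202.55.79 - - [14/Feb/2024:09:12:01 +0000] "POST /placeholder-path HTTP/1.1" 200 512
198.51.100.7 - - [14/Feb/2024:09:12:05 +0000] "GET / HTTP/1.1" 200 1024
149.202.55.79 - - [14/Feb/2024:09:15:44 +0000] "GET /placeholder-path HTTP/1.1" 403 0
not a log line
5.252.118.211 - - [15/Feb/2024:02:03:04 +0000] "POST /placeholder-path HTTP/1.1" 200 77
""".splitlines()

if __name__ == "__main__":
    for ip, h in sorted(scan(SAMPLE_LOG).items()):
        print(ip, h["count"], h["first"].isoformat(), h["last"].isoformat())
```

Source addresses change quickly, so a clean result here does not rule out exploitation from other hosts. Behind a reverse proxy or CDN, run it against logs that record the original client address.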

Wordfence also confirms that the CVE-2024-25600 issue is currently under attack and reports 24 exploitation cases in the last 24 hours. Brick Builder Theme users are urged to update to version 1.9.3.1 as soon as possible.
