WordPress Bricks Theme Under Active Attack: 25,000+ Sites at Critical Risk

CVE-2024-25600: Safeguarding Your WordPress Experience

In the expansive WordPress ecosystem, the critical vulnerability labeled CVE-2024-25600 casts a shadow over Bricks Builder, a popular WordPress website builder. This flaw, categorized as a Remote Code Execution (RCE) vulnerability, is not merely theoretical—it’s actively exploited, posing a substantial risk to websites leveraging this theme.

Key Details:

  • CVE ID: CVE-2024-25600
  • CVSS Score: 9.8 (Critical)
  • Affected Software: Bricks Builder for WordPress
  • Vulnerable Versions: All versions before 1.9.6.1
  • Impact: Unauthenticated remote code execution

Bricks Builder, a widely adopted WordPress development theme boasting approximately 25,000 active installations, falls victim to this vulnerability. Unauthenticated attackers can exploit it to execute arbitrary PHP code on susceptible installations.


The theme developers addressed the issue with version 1.9.6.1, released on February 13, 2024, a few days after security provider Snicco reported the flaw on February 10. No public proof-of-concept exploit has surfaced yet, but both Snicco and Patchstack have published technical details. The vulnerable code lies in the prepare_query_vars_from_settings() function, and the only thing gating access to it is a WordPress security token, a “nonce”, which the theme prints into the front-end source of every page. Because that nonce is available to any anonymous visitor and no role or capability check is performed, an unauthenticated attacker who supplies it can send a crafted request whose settings are passed through to PHP code execution, seizing control of the targeted site. WordPress’s own developer documentation is explicit that nonces must never be relied on for authentication, authorization or access control: functions must be protected with current_user_can(), and nonces should always be assumed to be compromised.
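To make the nonce-versus-capability point concrete, the following added example (written for this article, not Bricks’ own code) registers two REST routes: one whose permission_callback mirrors the vulnerable pattern, gated only by a nonce that the theme also prints into the public front-end, and one hardened with current_user_can(). The namespace example/v1, the nonce action example-render, the script handle example-frontend and the edit_posts capability are hypothetical choices made for the illustration.

```php
<?php
// Added illustration, not code from Bricks or WordPress core. Route namespace,
// nonce action, script handle and capability names are hypothetical.

// How the nonce becomes public: themes routinely localize it for front-end JS,
// so it appears in the HTML source served to every visitor, logged in or not.
// ('example-frontend' is assumed to be a registered script handle.)
add_action( 'wp_enqueue_scripts', function () {
    wp_localize_script( 'example-frontend', 'exampleConfig', array(
        'nonce' => wp_create_nonce( 'example-render' ),
    ) );
} );

// VULNERABLE pattern: the nonce alone decides who may call the endpoint.
// Any anonymous visitor can read the nonce from the page source and pass it.
add_action( 'rest_api_init', function () {
    register_rest_route( 'example/v1', '/render', array(
        'methods'             => 'POST',
        'callback'            => 'example_render_element',
        'permission_callback' => function ( WP_REST_Request $request ) {
            return (bool) wp_verify_nonce( $request->get_param( 'nonce' ), 'example-render' );
        },
    ) );
} );

// HARDENED pattern: access is decided by a capability check, as the WordPress
// developer docs require; the nonce is kept only as CSRF protection.
add_action( 'rest_api_init', function () {
    register_rest_route( 'example/v1', '/render-safe', array(
        'methods'             => 'POST',
        'callback'            => 'example_render_element',
        'permission_callback' => function ( WP_REST_Request $request ) {
            if ( ! current_user_can( 'edit_posts' ) ) {
                return new WP_Error( 'rest_forbidden', 'Insufficient capability.', array( 'status' => 403 ) );
            }
            return (bool) wp_verify_nonce( $request->get_param( 'nonce' ), 'example-render' );
        },
    ) );
} );

// Shared handler: element settings are data, never code. Nothing here is
// passed to eval() or any other code-execution sink.
function example_render_element( WP_REST_Request $request ) {
    $settings = (array) $request->get_param( 'settings' );
    $content  = isset( $settings['content'] ) ? (string) $settings['content'] : '';
    return rest_ensure_response( array( 'rendered' => wp_kses_post( $content ) ) );
}
```

A nonce is a CSRF token tied to the current user’s session (user 0 for anonymous visitors), which is why the hardened callback keeps it alongside the capability check rather than instead of it. Note also that WordPress authenticates cookie-based REST requests only when the client sends an X-WP-Nonce header created with wp_create_nonce('wp_rest'); without it, current_user_can() sees an anonymous user and the hardened route correctly refuses the request.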

If you run the Bricks theme, apply the 1.9.6.1 update (or later) promptly; until then the site is exposed to an unauthenticated attacker.

Verifying and Safeguarding Your Website Against CVE-2024-25600: Bricks Builder Vulnerability

To determine whether your site is exposed to CVE-2024-25600 in the Bricks Builder theme, work through these steps:

  1. Check the Bricks Builder version:
    • Log in to the WordPress admin panel.
    • Go to Appearance → Themes and locate Bricks in the list of installed themes.
    • Check the version shown. Anything below 1.9.6.1 is vulnerable. If a child theme is active, its version number is not the one that matters; check the parent Bricks theme.
  2. Update the theme:
    • Open the “Updates” section of the admin panel, or check for theme updates under Appearance → Themes.
    • Apply the Bricks Builder update to 1.9.6.1 or later, and confirm the new version afterwards.
  3. Check activity logs:
    • Security plugins and activity-log plugins may record exploitation attempts or other suspicious activity.
    • Review those logs, together with the web server’s access logs, for unexpected POST requests from unauthenticated clients to the theme’s endpoints, and for PHP files you did not create or modify; both are typical traces of a Remote Code Execution (RCE) attempt.
  4. Scan your website:
    • Use a vulnerability scanner such as Wordfence, Sucuri or Nessus to check for known vulnerabilities.
    • These tools report whether the installed Bricks Builder version is a vulnerable one.
  5. Monitor your website:
    • Follow security updates and news related to CVE-2024-25600.
    • Consider a Web Application Firewall (WAF) as an additional layer in front of the site.
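For administrators who look after more than one site, the version check above can be scripted. The following added example (written for this article, not code from Bricks or WordPress core) reads the “Version:” header of a theme’s style.css, the same field the Themes screen displays, compares it with the fixed release using version_compare(), and follows a child theme’s Template header to the parent, since the child’s own version says nothing about Bricks itself. The sample headers are constructed for the demo; the slug bricks and the themes directory path are assumptions about a typical install.

```php
<?php
// Added example, not code from Bricks or WordPress core. Sample headers are
// constructed; the theme slug and themes directory path are assumptions.

const BRICKS_FIXED_VERSION = '1.9.6.1';

/** Pull one header field ("Version", "Template", ...) out of style.css text,
 *  using the same tolerant pattern WordPress core applies in get_file_data(). */
function theme_header_field( string $style_css, string $field ): ?string {
    $pattern = '/^[ \t\/*#@]*' . preg_quote( $field, '/' ) . ':(.*)$/mi';
    return preg_match( $pattern, $style_css, $m ) ? trim( $m[1] ) : null;
}

/** True when $installed is older than the fixed version. version_compare()
 *  understands four-part versions, whereas a plain string comparison would
 *  wrongly rank "1.9.10" below "1.9.6.1". */
function is_vulnerable_version( string $installed, string $fixed = BRICKS_FIXED_VERSION ): bool {
    return version_compare( $installed, $fixed, '<' );
}

/** Read a theme's style.css from the themes directory (path is an assumption). */
function read_style_css( string $themes_dir, string $slug ): string {
    $path = rtrim( $themes_dir, '/' ) . "/$slug/style.css";
    if ( ! is_readable( $path ) ) {
        throw new RuntimeException( "cannot read $path" );
    }
    return file_get_contents( $path );
}

/** Inspect a live install. If the active theme is a child theme (common with
 *  Bricks), follow its Template header to the parent before deciding.
 *  Returns [parent slug, parent version, vulnerable?]. */
function check_installed_theme( string $themes_dir, string $active_slug ): array {
    $style  = read_style_css( $themes_dir, $active_slug );
    $parent = theme_header_field( $style, 'Template' );
    if ( $parent !== null ) {
        $active_slug = $parent;
        $style       = read_style_css( $themes_dir, $active_slug );
    }
    $version = theme_header_field( $style, 'Version' );
    return array( $active_slug, $version, $version !== null && is_vulnerable_version( $version ) );
}

// Constructed sample headers, not real Bricks files.
$vulnerable = "/*\nTheme Name: Bricks\nVersion: 1.9.6\n*/";
$patched    = "/*\nTheme Name: Bricks\nVersion: 1.9.6.1\n*/";
$child      = "/*\nTheme Name: My Child\nTemplate: bricks\nVersion: 1.0\n*/";

foreach ( array( $vulnerable, $patched ) as $css ) {
    $v = theme_header_field( $css, 'Version' );
    printf( "Bricks %s -> %s\n", $v, is_vulnerable_version( $v ) ? 'VULNERABLE, update' : 'patched' );
}
// The child theme's own Version (1.0) must not be used; its Template header names the parent.
printf( "child theme points at parent slug: %s\n", theme_header_field( $child, 'Template' ) );

// On a real site (path and slug assumed):
// list( $slug, $version, $vuln ) = check_installed_theme( '/var/www/html/wp-content/themes', 'bricks-child' );
```

Run it with the PHP CLI on the web server (or point check_installed_theme() at a copied wp-content/themes tree); the constructed 1.9.6 header is reported as vulnerable and 1.9.6.1 as patched, and the child-theme case shows why the parent slug has to be resolved first.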

How to mitigate the impact

To safeguard against the CVE-2024-25600 vulnerability in the Bricks Builder theme, take the following measures:

  1. Update the Theme:
    • Ensure you’re using the latest version of Bricks Builder (1.9.6.1 or higher).
    • Navigate to the WordPress admin panel and check for theme updates.
    • If an update is available, apply it promptly.
  2. Check Activity Logs:
    • Review security or activity logs for signs of exploitation attempts or suspicious activity related to CVE-2024-25600.
    • If anything unusual is found, investigate thoroughly; if compromise is confirmed, rotate all credentials and restore the site from a backup taken before the intrusion.
  3. Scan Your Website:
    • Leverage security scanning tools like Wordfence, Sucuri, or Nessus.
    • These tools can identify if your website is using a vulnerable version of Bricks Builder.
    • If any vulnerabilities are detected, follow the recommendations provided by the security tool.
  4. Implement a Web Application Firewall (WAF):
    • A WAF can fortify your website against malicious attacks.
    • Configure specific rules to block known exploitation attempts.
  5. Stay Informed:
    • Follow security updates related to CVE-2024-25600.
    • Keep an eye on WordPress security advisories and news.
