Security for everyone

CVE-2024-25600 Scanner

Detects the 'Unauthenticated Remote Code Execution' vulnerability in Bricks Builder, affecting versions <= 1.9.6.

Short Info

Level: Critical
Scan type: Single Scan
Can be used by: Asset Owner
Estimated Time: 10 sec
Scan only one: Domain, IPv4
Toolbox: -

Bricks Builder is a WordPress development theme with approximately 25,000 active installations, providing a user-friendly drag-and-drop interface for designing WordPress websites. It is widely used by developers and website designers to create custom layouts and designs for WordPress sites, enhancing their visual appeal and functionality.

The vulnerability detected in Bricks Builder <= 1.9.6 is an unauthenticated remote code execution (RCE) flaw. This vulnerability allows attackers to execute arbitrary commands on the target server without requiring authentication, potentially leading to complete compromise of the WordPress site or server hosting it.

The vulnerability resides in the '/wp-json/bricks/v1/render_element' endpoint of Bricks Builder, which fails to properly sanitize user-supplied input. By sending a specially crafted POST request with a malicious payload in the 'queryEditor' parameter, an attacker can inject and execute arbitrary PHP code on the server, leading to remote code execution.

Exploiting this vulnerability enables attackers to execute arbitrary commands on the target server, allowing them to take full control of the WordPress site or server. This could lead to various malicious activities, including data theft, website defacement, installation of malware or backdoors, and further compromise of other systems hosted on the same server.
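The two facts above that a defender can act on are the affected version range (<= 1.9.6) and the REST route involved. The following Python is an added example, not code from the securityforeveryone scanner or from Bricks Builder: it reads the installed theme version from a WordPress style.css header, checks it against the range stated on the page, and flags POST requests to the render_element route in combined-format web server access logs. The log lines and style.css text are constructed samples; the log format and the style.css 'Version:' header are assumptions about the deployment.

```python
"""
Defender-side triage helpers for CVE-2024-25600 (Bricks Builder <= 1.9.6).

Added example, not the scanner's or the theme's own code. Assumes a
combined-format access log (Apache/Nginx default) and a standard
WordPress theme style.css header; all sample data below is constructed.
"""
import re
from typing import Iterable, List, Optional, Tuple

# REST route named on the page as the vulnerable endpoint.
VULNERABLE_ROUTE = "/wp-json/bricks/v1/render_element"
# Highest affected version stated on the page; anything above it is outside the range.
LAST_AFFECTED_VERSION = "1.9.6"

# Combined log format: client ident user [timestamp] "METHOD PATH PROTO" status size
_LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)

# Constructed sample: what wp-content/themes/bricks/style.css typically starts with.
SAMPLE_STYLE_CSS = """/*
Theme Name: Bricks
Version: 1.9.6
*/
"""

# Constructed sample access log lines (RFC 5737 documentation addresses).
SAMPLE_LOG = [
    '203.0.113.7 - - [20/Feb/2024:10:01:02 +0000] "POST /wp-json/bricks/v1/render_element HTTP/1.1" 200 512',
    '203.0.113.7 - - [20/Feb/2024:10:01:05 +0000] "GET /wp-json/bricks/v1/render_element HTTP/1.1" 404 0',
    '198.51.100.4 - - [20/Feb/2024:10:02:11 +0000] "GET /index.php HTTP/1.1" 200 8192',
    '198.51.100.4 - - [20/Feb/2024:10:02:40 +0000] "POST /wp-json/bricks/v1/render_element/ HTTP/1.1" 403 0',
]


def parse_version(v: str) -> Tuple[int, ...]:
    """Turn '1.9.6' into (1, 9, 6) so versions compare numerically, not as strings."""
    return tuple(int(p) for p in v.strip().split("."))


def is_affected_version(installed: str) -> bool:
    """True when the installed Bricks version is inside the <= 1.9.6 range from the page."""
    return parse_version(installed) <= parse_version(LAST_AFFECTED_VERSION)


def version_from_style_css(style_css: str) -> Optional[str]:
    """Extract the 'Version:' header from a WordPress theme's style.css text.
    Reading this file locally tells an asset owner whether the update is still outstanding."""
    m = re.search(r"^\s*\*?\s*Version:\s*([\d.]+)", style_css, re.MULTILINE)
    return m.group(1) if m else None


def flag_render_element_requests(lines: Iterable[str]) -> List[dict]:
    """Return one record per POST to the vulnerable route.
    Access logs do not carry POST bodies, so the 'queryEditor' parameter is not
    visible here; method + route is the triage signal, and a 200 response is the
    one to follow up in WAF or request-body logs."""
    hits = []
    for line in lines:
        m = _LOG_RE.match(line)
        if not m:
            continue
        path = m.group("path").split("?", 1)[0].rstrip("/")
        if m.group("method") == "POST" and path == VULNERABLE_ROUTE:
            hits.append({"ip": m.group("ip"), "ts": m.group("ts"),
                         "status": int(m.group("status"))})
    return hits


def triage(style_css: str, log_lines: Iterable[str]) -> dict:
    """Combine the version check and the log sweep into one summary."""
    version = version_from_style_css(style_css)
    hits = flag_render_element_requests(log_lines)
    return {
        "installed_version": version,
        "affected": bool(version) and is_affected_version(version),
        "post_hits": hits,
        "successful_posts": sum(1 for h in hits if h["status"] == 200),
    }


if __name__ == "__main__":
    summary = triage(SAMPLE_STYLE_CSS, SAMPLE_LOG)
    print(f"Bricks version {summary['installed_version']}: "
          f"{'AFFECTED, update required' if summary['affected'] else 'outside affected range'}")
    for h in summary["post_hits"]:
        print(f"POST to render_element from {h['ip']} at {h['ts']} -> HTTP {h['status']}")
```

Because the vulnerable parameter travels in the request body, a plain access log can only show that the route was called; pairing this sweep with WAF or request-body logging is what lets you confirm whether 'queryEditor' was actually used.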

By leveraging the security scanning capabilities of the securityforeveryone platform, you can detect critical vulnerabilities like Unauthenticated Remote Code Execution (RCE) in Bricks Builder before they are exploited by malicious actors. Join our platform to proactively protect your WordPress sites and ensure their security against RCE attacks.

 
