WordPress Bricks Builder Plugin Security Update Advisory (CVE-2024-25600)

Overview

An update has been made available to fix vulnerabilities in WordPress Bricks Builder. Users of affected versions are advised to update to the latest version.

Affected Products

All versions of WordPress Bricks Builder below 1.9.6.1

Resolved Vulnerabilities

Unauthenticated remote code execution vulnerability in WordPress Bricks Builder (CVE-2024-25600)

Vulnerability Patches

A patch for the vulnerability was made available in the February 13, 2024 update. Update to the latest patched version as described on the referenced sites.

WordPress Bricks Builder version 1.9.6.1

Referenced Sites

[1] Steps to identify and repair a compromised Bricks site
https://academy.bricksbuilder.io/article/bricks-rce/
[2] 1.9.6.1 Changelog
https://bricksbuilder.io/release/bricks-1-9-6-1/
[3] Unauthenticated Remote Code Execution – Bricks <= 1.9.6
https://snicco.io/vulnerability-disclosure/bricks/unauthenticated-rce-in-bricks-1-9-6