WordPress Bricks Builder, a popular WordPress site builder, is being actively targeted by hackers due to a critical vulnerability that allows unauthenticated attackers to perform remote code execution.
The Bricks plugin was estimated to have about 25,000 active installations when the vulnerability was disclosed.
The vulnerability, tracked as CVE-2024-25600 with a CVSS score of 9.8, means “anybody can run arbitrary commands and take over the site/server,” according to WordPress development and security company Snicco, which discovered the bug.
Snicco reported the vulnerability to the Bricks developers on Feb. 10, and a patch was released on Feb. 13. Technical details about the bug were first disclosed Sunday; on the same day, active exploitation of the flaw was reported by WordPress vulnerability protection company Patchstack.
Attackers targeting CVE-2024-25600 have been spotted using malware designed to disable WordPress security plugins, according to Patchstack.
Bricks Builder version 1.9.6 and all earlier versions are vulnerable to unauthenticated RCE. Bricks users must update to version 1.9.6.1 for protection against attack.
The Bricks developers also noted that users should update any site backups to the 1.9.6.1 version, as restoring from an outdated backup could reintroduce the vulnerability.
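The two advisories above (update to 1.9.6.1, and do not let stale backups reintroduce an older version) can be checked mechanically across a fleet. The following is an added example, not code from the article, Snicco, Bricks or Patchstack: it reads the `Version:` header from a WordPress plugin/theme file header, compares it numerically against the fixed version, and flags live installs and backup copies alike. The sample headers are constructed.

```python
import re
from typing import Iterable, List, Tuple

# Fixed version from the advisory; anything numerically below it is affected.
FIXED_VERSION = "1.9.6.1"

def parse_version(text: str) -> Tuple[int, ...]:
    """Turn a dotted version such as '1.9.6' into a tuple of ints.

    Tuple comparison avoids the string-comparison trap where '1.10'
    would sort before '1.9'. Trailing non-numeric suffixes are dropped.
    """
    parts = []
    for piece in text.strip().split("."):
        m = re.match(r"\d+", piece)
        if not m:
            break
        parts.append(int(m.group()))
    return tuple(parts)

def is_vulnerable(version: str) -> bool:
    """True if the Bricks version predates the 1.9.6.1 fix."""
    return parse_version(version) < parse_version(FIXED_VERSION)

def extract_version(header_text: str) -> str:
    """Read the 'Version:' line from a WordPress file header; '' if absent."""
    m = re.search(r"^\s*\*?\s*Version:\s*([0-9][0-9A-Za-z.\-]*)", header_text, re.MULTILINE)
    return m.group(1) if m else ""

def audit(inventory: Iterable[Tuple[str, str]]) -> List[str]:
    """Return 'label: version' for every copy that is vulnerable or has no version header."""
    flagged = []
    for label, header in inventory:
        v = extract_version(header)
        if not v or is_vulnerable(v):
            flagged.append(f"{label}: {v or 'unknown'}")
    return flagged

# Constructed sample headers (hypothetical, not real files): one unpatched live
# site, one patched live site, and one backup archive holding an old copy.
SAMPLE_INVENTORY = [
    ("site-a (live)", "/*\nTheme Name: Bricks\nVersion: 1.9.6\n*/"),
    ("site-b (live)", "/*\nTheme Name: Bricks\nVersion: 1.9.6.1\n*/"),
    ("backup-2024-01 (archive)", "/*\nTheme Name: Bricks\nVersion: 1.9.5\n*/"),
]

if __name__ == "__main__":
    for entry in audit(SAMPLE_INVENTORY):
        print("VULNERABLE", entry)
```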
Wordfence’s Vulnerability Database page for CVE-2024-25600 notes that 36 attacks targeting the vulnerability had been blocked within 24 hours, as of Feb. 19.