Hackers exploit critical RCE flaw in Bricks WordPress site builder

Hackers are actively exploiting a critical remote code execution flaw impacting the Bricks Builder Theme to run malicious PHP code on vulnerable sites.
The Bricks Builder Theme is a premium WordPress theme described as an innovative, community-driven visual site builder.
The Patchstack platform for security vulnerabilities in WordPress received the report and notified the Bricks team.
"Update all your Bricks sites to the latest Bricks 1.9.6.1 as soon as possible. But at least within the next 24 hours. The earlier, the better," the developer urged administrators.
Bricks users are advised to upgrade to version 1.9.3.1 immediately, either by navigating to "Appearance > Themes" in the WordPress dashboard and clicking "Update," or manually from here.