Security News > 2024 > February > Hackers exploit critical RCE flaw in Bricks WordPress site builder
Hackers are actively exploiting a critical remote code execution flaw impacting the Brick Builder Theme to run malicious PHP code on vulnerable sites.
The Bricks Builder Theme is a premium WordPress theme described as an innovative, community-driven visual site builder.
The Patchstack platform for security vulnerabilities in WordPress received the report and notified the Bricks team.
"Update all your Bricks sites to the latest Bricks 1.9.6.1 as soon as possible. But at least within the next 24 hours. The earlier, the better," the developer urged administrators.
Bricks users are recommended to upgrade to version 1.9.3.1 immediately either by navigating "Appearance > Themes" in the WordPress dashboard and clicking "Update," or manually from here.
Exploits released for critical Jenkins RCE flaw, patch now.
News URL
Related news
- Hackers exploit critical Aviatrix Controller RCE flaw in attacks (source)
- Hackers exploit critical unpatched flaw in Zyxel CPE devices (source)
- Apache issues patches for critical Struts 2 RCE bug (source)
- 390,000+ WordPress Credentials Stolen via Malicious GitHub Repository Hosting PoC Exploits (source)
- 390,000 WordPress accounts stolen from hackers in supply chain attack (source)
- Hackers Exploit Webview2 to Deploy CoinLurker Malware and Evade Security Detection (source)
- Critical security hole in Apache Struts under exploit (source)
- Fortinet Warns of Critical FortiWLM Flaw That Could Lead to Admin Access Exploits (source)
- Hackers Exploiting Critical Fortinet EMS Vulnerability to Deploy Remote Access Tools (source)
- Premium WPLMS WordPress plugins address seven critical flaws (source)