Security News > 2024 > February > Hackers exploit critical RCE flaw in Bricks WordPress site builder

Hackers are actively exploiting a critical remote code execution flaw impacting the Brick Builder Theme to run malicious PHP code on vulnerable sites.
The Bricks Builder Theme is a premium WordPress theme described as an innovative, community-driven visual site builder.
The Patchstack platform for security vulnerabilities in WordPress received the report and notified the Bricks team.
"Update all your Bricks sites to the latest Bricks 1.9.6.1 as soon as possible. But at least within the next 24 hours. The earlier, the better," the developer urged administrators.
Bricks users are recommended to upgrade to version 1.9.3.1 immediately either by navigating "Appearance > Themes" in the WordPress dashboard and clicking "Update," or manually from here.
Exploits released for critical Jenkins RCE flaw, patch now.
News URL
Related news
- Hackers Exploit WordPress mu-Plugins to Inject Spam and Hijack Site Images (source)
- Hackers exploit WordPress plugin auth bypass hours after disclosure (source)
- Critical Erlang/OTP SSH pre-auth RCE is 'Surprisingly Easy' to exploit, patch now (source)
- Critical Erlang/OTP SSH RCE bug now has public exploits, patch now (source)
- Hackers Exploit Critical Craft CMS Flaws; Hundreds of Servers Likely Compromised (source)
- Critical PHP RCE vulnerability mass exploited in new attacks (source)
- Critical RCE flaw in Apache Tomcat actively exploited in attacks (source)
- Hackers Exploit Severe PHP Flaw to Deploy Quasar RAT and XMRig Miners (source)
- Stealthy Apache Tomcat Critical Exploit Bypasses Security Filters: Are You at Risk? (source)
- Critical Veeam Backup & Replication RCE vulnerability fixed, patch ASAP! (CVE-2025-23120) (source)