Hackers exploit critical RCE flaw in Bricks WordPress site builder
Hackers are actively exploiting a critical remote code execution flaw impacting the Bricks Builder Theme to run malicious PHP code on vulnerable sites.
The Bricks Builder Theme is a premium WordPress theme described as an innovative, community-driven visual site builder.
The Patchstack platform for security vulnerabilities in WordPress received the report and notified the Bricks team.
"Update all your Bricks sites to the latest Bricks 1.9.6.1 as soon as possible. But at least within the next 24 hours. The earlier, the better," the developer urged administrators.
Bricks users are recommended to upgrade to version 1.9.3.1 immediately, either by navigating to "Appearance > Themes" in the WordPress dashboard and clicking "Update," or manually from here.