WordPress Bricks Theme Under Active Attack: Critical Flaw Impacts 25,000+ Sites
2024-02-20 09:08
A critical security flaw in the Bricks theme for WordPress is being actively exploited by threat actors to run arbitrary PHP code on susceptible installations. The flaw, tracked as CVE-2024-25600 (CVSS score: 9.8), enables unauthenticated attackers to achieve remote code execution. It impacts all versions of Bricks up to and including 1.9.6. It has been addressed by the theme developers in…
News URL
https://thehackernews.com/2024/02/wordpress-bricks-theme-under-active.html
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-06-04 | CVE-2024-25600 | Improper Control of Generation of Code ('Code Injection') vulnerability in Codeer Limited Bricks Builder allows Code Injection. This issue affects Bricks Builder: from n/a through 1.9.6. | 0.0 |