A critical security flaw in the Bricks theme for WordPress is becoming actively exploited by risk actors to operate arbitrary PHP code on inclined installations.
The flaw, tracked as CVE-2024-25600 (CVSS rating: 9.8), allows unauthenticated attackers to accomplish distant code execution. It impacts all variations of the Bricks up to and which include 1.9.6.
It has been dealt with by the theme developers in variation 1.9.6.1 produced on February 13, 2024, simply days immediately after WordPress security company Snicco reported the flaw on February 10.
Protect and backup your data using AOMEI Backupper. AOMEI Backupper takes secure and encrypted backups from your Windows, hard drives or partitions. With AOMEI Backupper you will never be worried about loosing your data anymore.
Get AOMEI Backupper with 72% discount from an authorized distrinutor of AOMEI: SerialCart® (Limited Offer).
➤ Activate Your Coupon Code
Though a evidence-of-thought (PoC) exploit has not been introduced, specialized specifics have been introduced by both equally Snicco and Patchstack, noting that the fundamental vulnerable code exists in the prepare_question_vars_from_configurations() functionality.
Specially, it concerns the use of security tokens referred to as “nonces” for verifying permissions, which can then be used to pass arbitrary commands for execution, properly making it possible for a danger actor to seize manage of a targeted internet site.
The nonce worth is publicly available on the frontend of a WordPress website, Patchstack said, adding there are no sufficient purpose checks applied.
“Nonces ought to under no circumstances be relied on for authentication, authorization, or access management,” WordPress cautions in its documentation. “Protect your functions employing present_person_can(), and constantly assume nonces can be compromised.”
WordPress security corporation Wordfence explained it detected above three dozen attack makes an attempt exploiting the flaw as of February 19, 2024. Exploitation makes an attempt are said to have commenced on February 14, a working day immediately after public disclosure.
A majority of the attacks are from the adhering to IP addresses –
- 200.251.23[.]57
- 92.118.170[.]216
- 103.187.5[.]128
- 149.202.55[.]79
- 5.252.118[.]211
- 91.108.240[.]52
Bricks is estimated to have all-around 25,000 at present active installations. People of the plugin are suggested to apply the newest patches to mitigate opportunity threats.
Observed this posting fascinating? Observe us on Twitter and LinkedIn to go through a lot more special written content we article.
Some pieces of this report are sourced from:
thehackernews.com