📄 WordPress Bricks 1.9.6 Remote Code Execution

Proof of concept exploit for a critical vulnerability in WordPress Bricks Builder plugin version 1.9.6 that allows unauthenticated attackers to execute arbitrary PHP code through the Bricks REST API. The attack targets the renderelement endpoint, injecting malicious instructions in the Query Edit...