17 matches found
Exploit for CVE-2024-25600
CVE-2024-25600 — WordPress Bricks Builder RCE PoC Unauthent...
Exploit for CVE-2024-25600
MODIFIED CVE-2024-25600 original - https://github.com/K3ysT...
Exploit for CVE-2024-25600
Bricks Builder RCE Exploit CVE-2024-25600 This project cont...
Exploit for CVE-2024-25600
Exploit Repository: CVE-2024-25600 🔥 Unauthenticated RCE Ex...
Exploit for CVE-2024-25600
CVE-2024-25600 Exploit - WordPress Bricks Builder Remote Code...
Exploit for CVE-2024-25600
TG Join Us: https://t.me/WanLiChangChengWanLiChang Join us f...
CVE-2024-25600
Improper Control of Generation of Code 'Code Injection' vulnerability in Codeer Limited Bricks Builder allows Code Injection.This issue affects Bricks Builder: from n/a through 1.9.6...
CVE-2024-25600 WordPress Bricks Theme <= 1.9.6 - Unauthenticated Remote Code Execution (RCE) vulnerability
Improper Control of Generation of Code 'Code Injection' vulnerability in Codeer Limited Bricks Builder allows Code Injection.This issue affects Bricks Builder: from n/a through 1.9.6...
CVE-2024-25600 WordPress Bricks Theme <= 1.9.6 - Unauthenticated Remote Code Execution (RCE) vulnerability
Improper Control of Generation of Code 'Code Injection' vulnerability in Codeer Limited Bricks Builder allows Code Injection.This issue affects Bricks Builder: from n/a through 1.9.6...
CVE-2024-25600
Bricks Builder (WordPress) is affected up to version 1.9.6 with an unauthenticated remote code execution via the vulnerable REST endpoint /wp-json/bricks/v1/render_element. The root cause is in Bricks\Query::prepare_query_vars_from_settings where user input from the queryEditor is passed directly...
Unauthenticated RCE in Bricks Builder Theme
This module exploits an unauthenticated remote code execution vulnerability in the Bricks Builder Theme versions use exploit/multi/http/wpbricksbuilderrce msf exploitwpbricksbuilderrce show targets ...targets... msf exploitwpbricksbuilderrce set TARGET msf exploitwpbricksbuilderrce show options...
WordPress Bricks Builder Theme 1.9.6 Remote Code Execution Exploit
This Metasploit module exploits an unauthenticated remote code execution vulnerability in the Bricks Builder Theme versions 1.9.6 and below for WordPress. The vulnerability allows attackers to execute arbitrary PHP code by leveraging a nonce leakage to bypass authentication and exploit the eval...
WordPress Bricks Builder Theme 1.9.6 Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Unauthenticated RCE in Bricks Builder Theme', 'Description' = %q This module exploits an unauthenticated remote code execution vulnerability in t...
Imperva successfully defends against CVE-2024-25600 in WordPress Bricks Builder
A critical vulnerability in the Bricks Builder site builder for WordPress, identified as CVE-2024-25600, is currently under active exploitation, and poses a significant threat to over 25,000 sites. This flaw, with a CVSS score of 9.8, is an unauthenticated remote code execution vulnerability that...
CVE-2024-25600
creationtimestamp| type| source ---|---|--- 2024-02-20 10:17:30+00:00| exploited| https://t.me/thehackernews/4571 2024-02-20 10:44:45+00:00| exploited| Telegram/kHlRC3SWOIV4elFoTwQttUfL6OQGeloDKaQFUppAUyJ5Ww 2024-02-20 11:00:52+00:00| exploited| https://t.me/KomunitiSiber/1514 2024-02-20...
WordPress Bricks Theme Under Active Attack: Critical Flaw Impacts 25,000+ Sites
A critical security flaw in the Bricks theme for WordPress is being actively exploited by threat actors to run arbitrary PHP code on susceptible installations. The flaw, tracked as CVE-2024-25600 CVSS score: 9.8, enables unauthenticated attackers to achieve remote code execution. It impacts all...
WordPress Bricks Builder Theme <= 1.9.6 is vulnerable to Remote Code Execution (RCE)
Software Bricks Builder Type Theme Vulnerable versions = 1.9.6 Fixed in 1.9.6.1 OWASP Top 10 A3: Injection Classification Remote Code Execution RCE CVE CVE-2024-25600 Patch priority High CVSS severity High 10 Developer Claim ownership PSID 58c6c492a8d0 Credits Snicco Required privilege...