
WordPress Bricks Theme Under Active Attack

A severe security vulnerability has been discovered in the Bricks theme for WordPress, and it is currently being exploited by malicious actors to execute arbitrary PHP code on vulnerable websites. The flaw, tracked as CVE-2024-25600 (CVSS score 9.8), allows remote attackers to achieve code execution without any authentication. All versions of Bricks up to and including 1.9.6 are affected.

The developers of the Bricks theme addressed the issue in a patched release published on February 13, 2024, shortly after the vulnerability was reported by security provider Snicco on February 10. Although no proof-of-concept (PoC) has been released, technical details disclosed by both Snicco and Patchstack point to the prepare_query_vars_from_settings() function as the root cause.

The vulnerability stems from the theme relying on security tokens called "nonces" to verify permissions, which attackers can abuse to execute arbitrary commands and take control of the website. The nonce value is exposed on the site's front end, and no role or capability check is applied alongside it, so an unauthenticated attacker can simply read the nonce from the page source and present it to the vulnerable endpoint.

WordPress itself warns that nonces should not be relied upon for authentication, authorization, or access control. Its developer guidance recommends using current_user_can() to protect privileged functions and assuming that nonces can be compromised.
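The difference between a nonce check and a capability check, shown as an added example written for this page. It is not the Bricks theme's code and does not reproduce its endpoint; the route names (example/v1/render-weak and example/v1/render), the nonce action example_render, the header X-Example-Nonce and the required capability edit_posts are all assumptions chosen for illustration. It needs WordPress loaded, so save it as a must-use plugin on a test site:

```php
<?php
/**
 * Added example for this page: a nonce-only REST route beside a route that
 * also checks a capability. This is NOT the Bricks theme's code. The route
 * names (example/v1/render-weak, example/v1/render), the nonce action
 * 'example_render', the header X-Example-Nonce and the required capability
 * 'edit_posts' are assumptions made for illustration.
 * Needs WordPress loaded: save as wp-content/mu-plugins/nonce-vs-cap.php.
 */

// Print a nonce into every page, as page builders commonly do so front-end
// JavaScript can call back into the site. Any visitor, logged in or not, can
// read this value from the HTML source.
add_action( 'wp_head', function () {
    printf(
        '<script>var exampleNonce = %s;</script>',
        wp_json_encode( wp_create_nonce( 'example_render' ) )
    );
} );

add_action( 'rest_api_init', function () {
    // VULNERABLE pattern: the nonce is the only gate. WordPress builds nonces
    // for logged-out visitors from user ID 0 and an empty session token, so a
    // nonce issued to one anonymous visitor verifies for any other anonymous
    // caller. An attacker who scraped it from the page reaches the callback
    // without authenticating.
    register_rest_route( 'example/v1', '/render-weak', array(
        'methods'             => 'POST',
        'callback'            => 'example_render_callback',
        'permission_callback' => function ( WP_REST_Request $request ) {
            $nonce = $request->get_header( 'X-Example-Nonce' );
            return (bool) wp_verify_nonce( (string) $nonce, 'example_render' );
        },
    ) );

    // HARDENED pattern: authorize with current_user_can() first, then keep
    // the nonce purely as CSRF protection for the user it was issued to.
    register_rest_route( 'example/v1', '/render', array(
        'methods'             => 'POST',
        'callback'            => 'example_render_callback',
        'permission_callback' => function ( WP_REST_Request $request ) {
            if ( ! current_user_can( 'edit_posts' ) ) {
                return new WP_Error(
                    'rest_forbidden',
                    'You are not allowed to render elements.',
                    array( 'status' => 403 )
                );
            }
            $nonce = $request->get_header( 'X-Example-Nonce' );
            if ( ! wp_verify_nonce( (string) $nonce, 'example_render' ) ) {
                return new WP_Error(
                    'rest_invalid_nonce',
                    'Nonce check failed.',
                    array( 'status' => 403 )
                );
            }
            return true;
        },
    ) );
} );

/**
 * Shared handler. It stands in for a privileged operation driven by
 * caller-supplied element settings; the page does not describe how Bricks
 * turned settings into code, so this version only builds a WP_Query from a
 * fixed whitelist of keys and never passes caller data to eval() or similar.
 */
function example_render_callback( WP_REST_Request $request ) {
    $settings = (array) $request->get_json_params();
    $args     = array(
        'post_type'      => 'post',
        'posts_per_page' => 5,
        'post_status'    => 'publish',
    );
    if ( isset( $settings['posts_per_page'] ) ) {
        // Clamp to a sane range instead of trusting the caller.
        $args['posts_per_page'] = max( 1, min( 20, (int) $settings['posts_per_page'] ) );
    }
    if ( isset( $settings['post_type'] ) ) {
        // Only allow registered, public post types.
        $type_obj = get_post_type_object( (string) $settings['post_type'] );
        if ( $type_obj && $type_obj->public ) {
            $args['post_type'] = $type_obj->name;
        }
    }
    $query  = new WP_Query( $args );
    $titles = array_map(
        function ( $post ) { return get_the_title( $post ); },
        $query->posts
    );
    return rest_ensure_response( array(
        'titles' => $titles,
        'user'   => get_current_user_id(),
    ) );
}
```

From a logged-out browser, copy exampleNonce from the page source and POST it as the X-Example-Nonce header to /wp-json/example/v1/render-weak: the request succeeds, which is exactly the failure mode the page describes. The same request to /wp-json/example/v1/render returns 403. One caveat for the hardened route: REST cookie authentication only sets the current user when the request also carries the standard X-WP-Nonce header (the wp_rest nonce), so a legitimate editor's client must send that header too; without it current_user_can() sees user 0 and the route fails closed, which is the safe direction.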

Wordfence, a security company, reported that it had detected over 30 attack attempts exploiting the vulnerability as of February 19, 2024. Exploitation attempts started on February 14, one day after the public disclosure. Most attacks have been traced to the following IP addresses: 200.251.23[.]57, 92.118.170[.]216, 103.187.5[.]128, 149.202.55[.]79, 5.252.118[.]211, and 91.108.240[.]52.

The Bricks theme is estimated to have around 25,000 active installations. Users of the theme are strongly advised to update to the patched version as soon as possible to reduce their exposure.

Want to read more? Check out the original article available at The Hacker News!

Deitasoft © 2024. All Rights Reserved.