
Exploit for WordPress Theme Bricks <= 1.9.6 - Unauthenticated Remote Code Execution (CVE-2024-25600)

Description:

Bricks Builder, a WordPress development theme with approximately 25,000 active installations, is vulnerable to unauthenticated remote code execution (RCE) in versions <= 1.9.6. Attackers can exploit this vulnerability to execute arbitrary commands and compromise the server hosting the affected WordPress site.

Affected Products:

Bricks Builder (WordPress theme), versions <= 1.9.6.

Proof of Concept

PoC exploit

Nuclei Template

View the template here CVE-2024-25600.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2024/CVE-2024-25600.yaml
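A lightweight version pre-check that complements the Nuclei run above. This is an added example, not code from the original page, the Nuclei template, or the Chocapikk PoC. It reads the theme's style.css header (the standard WordPress theme header format) and compares the Version: field against 1.9.6, the last vulnerable release named in this advisory. Assumptions not confirmed by the page: the theme is installed at wp-content/themes/bricks/ (the default slug) and its style.css is served unmodified. A matching version is a reason to run the template, not proof of exploitability.

```python
"""Version pre-check for CVE-2024-25600 (Bricks Builder <= 1.9.6).

Added example; not the advisory's or the PoC's code. The theme path and
the sample header below are assumptions, not facts taken from the page.
"""
import re
import sys
import urllib.request

# Last vulnerable release according to the advisory.
LAST_VULNERABLE = "1.9.6"

# Hypothetical default location of the theme header (standard WP layout).
THEME_STYLE_PATH = "/wp-content/themes/bricks/style.css"

# Constructed sample of a WordPress theme header, used for offline runs.
SAMPLE_STYLE_CSS = """/*
Theme Name: Bricks
Theme URI: https://bricksbuilder.io/
Author: Bricks
Version: 1.9.6
Text Domain: bricks
*/
"""


def parse_theme_name(style_css):
    """Return the 'Theme Name:' header value, or None if absent."""
    m = re.search(r"^[\s/*]*Theme Name:\s*(.+?)\s*$", style_css,
                  re.MULTILINE | re.IGNORECASE)
    return m.group(1) if m else None


def parse_theme_version(style_css):
    """Return the 'Version:' header value, or None if absent.

    Anchored at line start so fields like 'Requires PHP' never match.
    """
    m = re.search(r"^[\s/*]*Version:\s*([0-9][\w.\-]*)", style_css,
                  re.MULTILINE | re.IGNORECASE)
    return m.group(1) if m else None


def version_tuple(version):
    """Numeric components of a version string.

    Comparing tuples avoids the classic string-compare bug where
    '1.9.10' would sort before '1.9.6'. Non-numeric suffixes such as
    '-beta' are ignored.
    """
    nums = []
    for part in re.split(r"[.\-]", version):
        if part.isdigit():
            nums.append(int(part))
        else:
            break
    return tuple(nums)


def is_vulnerable(version):
    """True when version <= 1.9.6 (so 1.9.6.1 and 1.9.7 are not flagged)."""
    return version_tuple(version) <= version_tuple(LAST_VULNERABLE)


def assess(style_css):
    """Summarise a style.css header. 'vulnerable' is None when undecidable."""
    name = parse_theme_name(style_css)
    version = parse_theme_version(style_css)
    if name is None or "bricks" not in name.lower() or version is None:
        return {"theme": name, "version": version, "vulnerable": None}
    return {"theme": name, "version": version, "vulnerable": is_vulnerable(version)}


def fetch_style_css(base_url, timeout=10):
    """Fetch the theme header over HTTP (CLI use only; never called in tests)."""
    req = urllib.request.Request(
        base_url.rstrip("/") + THEME_STYLE_PATH,
        headers={"User-Agent": "cve-2024-25600-version-check"},
    )
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return resp.read(4096).decode("utf-8", "replace")


if __name__ == "__main__":
    # With a base URL argument the header is fetched; otherwise the sample is used.
    text = fetch_style_css(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE_STYLE_CSS
    print(assess(text))
```

Run it as `python3 check_bricks.py https://target.example` to fetch the live header, or with no argument to exercise the constructed sample. A site that hides or rewrites style.css returns `vulnerable: None`, in which case the Nuclei template remains the authoritative check.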

References:

https://nvd.nist.gov/vuln/detail/CVE-2024-25600
https://bricksbuilder.io/changelog/
https://snicco.io/vulnerability-disclosure/bricks/unauthenticated-rce-in-bricks-1-9-6
https://github.com/Chocapikk/CVE-2024-25600