A critical security vulnerability in the WordPress Bricks theme is being actively exploited by threat actors to execute arbitrary PHP code on vulnerable installations.
This vulnerability, tracked as CVE-2024-25600 (CVSS score: 9.8), allows an unauthenticated attacker to execute code remotely. It affects all versions of Bricks up to and including 1.9.6.
The theme developers have fixed the issue in version 1.9.6.1, released on February 13, 2024, just days after WordPress security provider Snicco reported the vulnerability on February 10.
While a public proof-of-concept (PoC) exploit has not yet been released, both Snicco and Patchstack have published technical details and pointed out that the vulnerable code lives in the prepare_query_vars_from_settings() function.
Specifically, the function relies on a security token called a “nonce” as its only access check. A nonce proves that a request was made with a token the site issued; it does not establish who made the request or what they are permitted to do. An attacker who obtains a valid nonce can therefore reach the code path and pass arbitrary PHP for execution, effectively seizing control of the target website.
Patchstack said the nonce values were publicly available on the front end of the WordPress site, adding that insufficient role checks were applied.
“You should never rely on nonce numbers for authentication, authorization, or access control,” WordPress warns in its documentation. “Use current_user_can() to protect your functions, and always assume that nonce numbers can be compromised.”
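To make the distinction concrete, here is an added illustration of the defect class, written for this page and not taken from Bricks or from the advisories: a handler whose only gate is a nonce that every visitor can read from the front end, beside the same handler with the capability check WordPress recommends and without caller-chosen code execution. It assumes a loaded WordPress environment; the action name `demo_render`, the script handle `demo-front`, the `settings` request field and the callback map are all hypothetical.

```php
<?php
/**
 * Added example, not Bricks' code: nonce-only "authorization" beside a
 * capability-checked, allow-listed handler. Assumes WordPress is loaded;
 * all action names, handles and field names below are hypothetical.
 */

// The nonce is printed into the page for every visitor, logged in or not.
// That is normal for nonces (they only protect against CSRF), but it means
// anyone can obtain one and satisfy a nonce-only check.
add_action( 'wp_enqueue_scripts', function () {
    wp_enqueue_script( 'demo-front', plugins_url( 'front.js', __FILE__ ), array(), '1.0', true );
    wp_localize_script( 'demo-front', 'demoData', array(
        'ajaxUrl' => admin_url( 'admin-ajax.php' ),
        'nonce'   => wp_create_nonce( 'demo_render' ),
    ) );
} );

// WEAK: nonce is treated as authorization, and the request chooses the
// function that runs on the server. Any unauthenticated client with the
// public nonce reaches call_user_func() with a name it controls.
function demo_render_weak() {
    check_ajax_referer( 'demo_render', 'nonce' ); // CSRF protection only
    $settings = json_decode( wp_unslash( $_POST['settings'] ?? '' ), true );
    $output   = call_user_func( $settings['callback'], $settings['arg'] ?? null );
    wp_send_json_success( $output );
}
add_action( 'wp_ajax_demo_render',        'demo_render_weak' );
add_action( 'wp_ajax_nopriv_demo_render', 'demo_render_weak' ); // reachable logged out

// HARDENED: keep the nonce for CSRF, add current_user_can() for
// authorization, resolve the request against a fixed map instead of
// executing a caller-supplied name, and never register a nopriv hook.
function demo_render_hardened() {
    check_ajax_referer( 'demo_render', 'nonce' );
    if ( ! current_user_can( 'edit_posts' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }
    $allowed = array(
        'title'     => 'get_the_title',
        'permalink' => 'get_permalink',
    );
    $settings = json_decode( wp_unslash( $_POST['settings'] ?? '' ), true );
    $key      = isset( $settings['callback'] ) ? sanitize_key( $settings['callback'] ) : '';
    if ( ! isset( $allowed[ $key ] ) ) {
        wp_send_json_error( 'unknown callback', 400 );
    }
    $post_id = absint( $settings['arg'] ?? 0 );
    wp_send_json_success( call_user_func( $allowed[ $key ], $post_id ) );
}
add_action( 'wp_ajax_demo_render_safe', 'demo_render_hardened' );
```

The two fixes are independent and both matter: current_user_can() stops anonymous callers, and the allow-list stops an authenticated low-privilege user from naming an arbitrary function. A capability check alone would still leave the call_user_func() path open to any logged-in account that holds the capability.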
WordPress security company Wordfence said that as of February 19, 2024, it had detected more than three dozen attempts to exploit the vulnerability. Exploitation attempts reportedly began on February 14, the day after the fix was publicly released.
Most attacks come from the following IP addresses –
- 200.251.23[.]57
- 92.118.170[.]216
- 103.187.5[.]128
- 149.202.55[.]79
- 5.252.118[.]211
- 91.108.240[.]52
Bricks is estimated to have around 25,000 active installations. Site owners running the theme are advised to update to version 1.9.6.1 or later without delay to mitigate the threat.