This popular WordPress site builder has a serious security issue — and hackers are already taking advantage

News
By Sead Fadilpašić
published

A remote code execution flaw in WordPress site builder is being actively abused

Laptop computer displaying logo of WordPress, a free and open-source content management system (CMS)
(Image credit: Shutterstock/monticello)

A popular WordPress theme with tens of thousands of users carries a high severity vulnerability that allows threat actors to run malicious PHP code. The patch for the flaw has already been made available, and hackers have started targeting vulnerable sites to disable security plugins.

A security researcher alias “snicco” recently found a vulnerability in the Brick Builder Theme, a commercial website builder with some 25,000 active installations, the publication states.

The vulnerability is a remote code execution (RCE) flaw, now tracked as CVE-2024-25600, and labeled as “critical”.

Attacks ramping up

Security platform Patchstack notified the Brick Builder Theme developers of the findings, which released a fix on February 13. At the time the flaw was discovered, there was no evidence of exploitation in the wild. Still, the developers urged the users to bring the theme up to version 1.9.6.1 because as soon as the news gets out, hackers are bound to start scanning for vulnerable sites.

“As of the time of this release, there’s no evidence that this vulnerability has been exploited. However, the potential for exploitation increases the longer the update to 1.9.6.1 is delayed,” the developers said in a security advisory. “Update all your Bricks sites to the latest Bricks 1.9.6.1 as soon as possible. But at least within the next 24 hours. The earlier, the better.” 

They were right, as just a day after the patch was released - on February 14 - Patchstack reported seeing exploitation attempts. Wordfence now claims at least two dozen attack attempts a day. 

WordPress is the world’s most popular website builder and, as such, is a popular target for hackers. However, the platform itself is generally considered secure, with plugins - both free and commercial - being the weakest link. The good news with commercial plugins is that they’re actively maintained and flaws such as this one get fixed fast.

Via BleepingComputer

More from TechRadar Pro

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.