CVE-2024-25600

Published Jun 4, 2024

Last updated a year ago

CVSS critical 10.0
WordPress
Bricks Builder

Overview

AI description

Generated using AI and has not been reviewed by Intruder. May contain errors.

CVE-2024-25600 is a remote code execution (RCE) vulnerability in the Bricks Builder plugin for WordPress, affecting versions up to and including 1.9.6. It stems from improper handling of user input, which allows unauthenticated attackers to inject and execute arbitrary PHP code on the server. Exploitation could lead to full site compromise, data theft, and potential malware distribution. The issue is patched in Bricks Builder version 1.9.6.1 and later.

Description: Improper Control of Generation of Code ('Code Injection') vulnerability in Codeer Limited Bricks Builder allows Code Injection. This issue affects Bricks Builder: from n/a through 1.9.6.
Source: audit@patchstack.com
NVD status: Awaiting Analysis

Risk scores

CVSS 3.1

Type: Secondary
Base score: 10
Impact score: 6
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Severity: CRITICAL

Weaknesses

audit@patchstack.com
CWE-94

Social media

Hype score
Not currently trending
  1. [ Tool ] - Mass CVE-2024-25600 🚨 Bricks <= 1.9.6 💚 https://t.co/N1fU0rNrbL

    @crypter66921, 11 Apr 2025

    10 Impressions, 0 Retweets, 0 Likes, 0 Bookmarks, 0 Replies, 0 Quotes

  2. 🚨 Hackers are abusing WordPress mu-plugins, a hidden auto-run directory, to inject malware, hijack links, and redirect users to scam sites. Also, add these to the list of 2024's major WordPress threats: CVE-2024-27956 | SQL injection CVE-2024-25600 | RCE in Bricks theme https://t

    @achi_tech, 3 Apr 2025

    38 Impressions, 0 Retweets, 0 Likes, 0 Bookmarks, 0 Replies, 0 Quotes

  3. CVE-2024-25600 : Exploit WordPress Bricks Builder Remote Code Execution https://t.co/mItUbLoeCS

    @_iTs_sUb_, 3 Apr 2025

    2 Impressions, 0 Retweets, 0 Likes, 0 Bookmarks, 0 Replies, 0 Quotes

  4. 🚨 Hackers are abusing WordPress mu-plugins—a hidden auto-run directory—to inject malware, hijack links, and redirect users to scam sites. Also, add these to the list of 2024's major WordPress threats: CVE-2024-27956 | SQL injection CVE-2024-25600 | RCE in Bricks theme https://t

    @TheHackersNews, 31 Mar 2025

    13318 Impressions, 59 Retweets, 106 Likes, 19 Bookmarks, 1 Reply, 2 Quotes

  5. GitHub - so1icitx/CVE-2024-25600: CVE-2024-25600 exploit (python 3) https://t.co/Jl56Y0UZ1q

    @akaclandestine, 31 Mar 2025

    1894 Impressions, 4 Retweets, 19 Likes, 4 Bookmarks, 0 Replies, 0 Quotes

  6. 🚨 SECURITY ALERT! 🚨 A critical vulnerability has been discovered in Docusnap (CVE-2024-25600) that could compromise enterprise systems. If you use this tool, this concerns you! 🔍👇 #Ciberseguridad #Docusnap - https://t.co/STekZUWRnE https://t.co/nZHupxmYfU

    @C1B3R53CUR1TY, 4 Mar 2025

    10 Impressions, 0 Retweets, 0 Likes, 0 Bookmarks, 1 Reply, 0 Quotes

  7. 1:05 AM Friday Night!!! Looking into CVE-2024-25600-EXPLOIT This is what passion and hard work is. And I am addicted F**k Yeah!!! Thank you @hackthebox_eu and @RealTryHackMe #WordPress

    @censoredHacker, 8 Feb 2025

    16 Impressions, 0 Retweets, 1 Like, 0 Bookmarks, 0 Replies, 0 Quotes