Phone : +91 95 8290 7788 | Email : sales@itmonteur.net

Register & Request Quote | Submit Support Ticket

Home » Cyber Security News » Vulnerabilities & Exploits » WordPress Bricks Theme Under Active Attack: Critical Flaw Impacts 25,000+ Sites

WordPress Bricks Theme Under Active Attack: Critical Flaw Impacts 25,000+ Sites

WordPress Bricks Theme Under Active Attack: Critical Flaw Impacts 25,000+ Sites

https://firewall.firm.in/wp-content/uploads/2024/02/wordpress.jpg

Feb 20, 2024NewsroomWebsite Security / PHP Code

WordPress Hack

A critical security flaw in the Bricks theme for WordPress is being actively exploited by threat actors to run arbitrary PHP code on susceptible installations.

The flaw, tracked as CVE-2024-25600 (CVSS score: 9.8), enables unauthenticated attackers to achieve remote code execution. It impacts all versions of the Bricks up to and including 1.9.6.

It has been addressed by the theme developers in version 1.9.6.1 released on February 13, 2024, merely days after WordPress security provider Snicco reported the flaw on February 10.

While a proof-of-concept (PoC) exploit has not been released, technical details have been released by both Snicco and Patchstack, noting that the underlying vulnerable code exists in the prepare_query_vars_from_settings() function.

Specifically, it concerns the use of security tokens called “nonces” for verifying permissions, which can then be used to pass arbitrary commands for execution, effectively allowing a threat actor to seize control of a targeted site.

The nonce value is publicly available on the frontend of a WordPress site, Patchstack said, adding there are no adequate role checks applied.

Cybersecurity

“Nonces should never be relied on for authentication, authorization, or access control,” WordPress cautions in its documentation. “Protect your functions using current_user_can(), and always assume nonces can be compromised.”

WordPress security company Wordfence said it detected over three dozen attack attempts exploiting the flaw as of February 19, 2024. Exploitation attempts are said to have commenced on February 14, a day after public disclosure.

A majority of the attacks are from the following IP addresses –

  • 200.251.23[.]57
  • 92.118.170[.]216
  • 103.187.5[.]128
  • 149.202.55[.]79
  • 5.252.118[.]211
  • 91.108.240[.]52

Bricks is estimated to have around 25,000 currently active installations. Users of the plugin are recommended to apply the latest patches to mitigate potential threats.

Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.


Information Security - InfoSec - Cyber Security - Firewall Providers Company in India

 

 

 

 

 

 

 

 

 

 

 

 

What is Firewall? A Firewall is a network security device that monitors and filters incoming and outgoing network traffic based on an organization's previously established security policies. At its most basic, a firewall is essentially the barrier that sits between a private internal network and the public Internet.

 

Secure your network at the gateway against threats such as intrusions, Viruses, Spyware, Worms, Trojans, Adware, Keyloggers, Malicious Mobile Code (MMC), and other dangerous applications for total protection in a convenient, affordable subscription-based service. Modern threats like web-based malware attacks, targeted attacks, application-layer attacks, and more have had a significantly negative effect on the threat landscape. In fact, more than 80% of all new malware and intrusion attempts are exploiting weaknesses in applications, as opposed to weaknesses in networking components and services. Stateful firewalls with simple packet filtering capabilities were efficient blocking unwanted applications as most applications met the port-protocol expectations. Administrators could promptly prevent an unsafe application from being accessed by users by blocking the associated ports and protocols.

 

Firewall Firm is an IT Monteur Firewall Company provides Managed Firewall Support, Firewall providers , Firewall Security Service Provider, Network Security Services, Firewall Solutions India , New Delhi - India's capital territory , Mumbai - Bombay , Kolkata - Calcutta , Chennai - Madras , Bangaluru - Bangalore , Bhubaneswar, Ahmedabad, Hyderabad, Pune, Surat, Jaipur, Firewall Service Providers in India

Sales Number : +91 95 8290 7788 | Support Number : +91 94 8585 7788
Sales Email : sales@itmonteur.net | Support Email : support@itmonteur.net

Register & Request Quote | Submit Support Ticket