"Websites Hacked via Vulnerability in Bricks Builder WordPress Plugin"

According to security researchers at Patchstack, attackers are exploiting a recently patched vulnerability in the Bricks Builder plugin for WordPress to compromise websites and deploy malware. The issue, tracked as CVE-2024-25600, is a remote code execution (RCE) flaw that can be exploited without authentication to run arbitrary PHP code on an affected WordPress site. The researchers' analysis found that the function handling a Bricks REST API endpoint applied no permission or role checks. The function only checks for a valid nonce, and because Bricks outputs a valid nonce in the front end of a WordPress site, even to unauthenticated visitors, an attacker can simply retrieve the nonce and trigger the RCE. A WordPress nonce is a CSRF token, not an authorization check, so it cannot substitute for a capability check on a privileged endpoint. Threat actors are already exploiting the vulnerability and, in some cases, deploying malware specifically designed to disable security plugins.

Bricks announced the fix on February 13, 2024, with the release of Bricks Builder version 1.9.6.1, and urged users to update as soon as possible. Bricks Builder is a visual site builder for WordPress that does not require technical expertise to use; its premium version has roughly 25,000 active installations.
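The bug class described above, as an added illustration that is not Bricks' code or the researchers' proof of concept: a made-up plugin endpoint (`example/v1/render`, the handler and setting names are all hypothetical) that gates a REST route with nothing but a `wp_rest` nonce check and then evaluates request-controlled input, placed beside the hardened form that puts a capability check in `permission_callback` and never executes request data.

```php
<?php
/**
 * Illustrative pattern only (hypothetical plugin, not Bricks' code).
 * Shows why a nonce check alone is not authorization on a REST route.
 */

// --- Vulnerable pattern: nonce check used as the only gate ---------------
add_action( 'rest_api_init', function () {
    register_rest_route( 'example/v1', '/render', array(
        'methods'             => 'POST',
        // Anyone may reach the handler; the only "check" happens inside it.
        'permission_callback' => '__return_true',
        'callback'            => 'example_render_vulnerable',
    ) );
} );

function example_render_vulnerable( WP_REST_Request $request ) {
    // A 'wp_rest' nonce is a CSRF token, not a credential. Themes and plugins
    // commonly print it into the public front end (e.g. via wp_localize_script)
    // for every visitor, and a nonce minted for a logged-out visitor verifies
    // for any other logged-out caller, so an attacker can read it and pass this.
    $nonce = (string) $request->get_header( 'X-WP-Nonce' );
    if ( ! wp_verify_nonce( $nonce, 'wp_rest' ) ) {
        return new WP_Error( 'bad_nonce', 'Invalid nonce', array( 'status' => 403 ) );
    }
    $settings = (array) $request->get_param( 'settings' );
    // Request-controlled string reaches eval(): unauthenticated RCE.
    $result = eval( 'return ' . $settings['query'] . ';' ); // DO NOT SHIP
    return rest_ensure_response( $result );
}

// --- Hardened pattern: capability check in permission_callback, no eval ---
add_action( 'rest_api_init', function () {
    register_rest_route( 'example/v1', '/render-fixed', array(
        'methods'             => 'POST',
        // Authorization belongs here; WordPress runs it before the callback.
        // Cookie auth only establishes a user when the wp_rest nonce is valid,
        // so current_user_can() is false for any unauthenticated caller.
        'permission_callback' => function () {
            return current_user_can( 'edit_posts' );
        },
        'callback'            => 'example_render_fixed',
        'args'                => array(
            'settings' => array(
                'required'          => true,
                'type'              => 'object',
                'validate_callback' => 'example_validate_settings',
            ),
        ),
    ) );
} );

// Accept only a fixed set of query keys with scalar values; never code strings.
function example_validate_settings( $value ) {
    $allowed = array( 'post_type', 'posts_per_page', 'orderby' );
    if ( ! is_array( $value ) ) {
        return false;
    }
    foreach ( $value as $key => $v ) {
        if ( ! in_array( $key, $allowed, true ) || ! is_scalar( $v ) ) {
            return false;
        }
    }
    return true;
}

function example_render_fixed( WP_REST_Request $request ) {
    $settings = (array) $request->get_param( 'settings' );
    // Data drives a WP_Query; no request-controlled string is ever executed.
    $query = new WP_Query( array(
        'post_type'      => sanitize_key( $settings['post_type'] ?? 'post' ),
        'posts_per_page' => min( 50, absint( $settings['posts_per_page'] ?? 10 ) ),
        'orderby'        => sanitize_key( $settings['orderby'] ?? 'date' ),
    ) );
    return rest_ensure_response( wp_list_pluck( $query->posts, 'post_title', 'ID' ) );
}
```

When auditing a WordPress REST route, read the `permission_callback` first: `__return_true` on a route that renders, saves or evaluates anything is the signature of this class, and a nonce check inside the handler does not change that verdict.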
 

SecurityWeek reports: "Websites Hacked via Vulnerability in Bricks Builder WordPress Plugin"

Submitted by Adam Ekwall on