CVE-2024-25600
WordPress Bricks Theme <= 1.9.6 - Unauthenticated Remote Code Execution (RCE) vulnerability
Improper Control of Generation of Code ('Code Injection') vulnerability in Codeer Limited Bricks Builder allows Code Injection. This issue affects Bricks Builder: from n/a through 1.9.6.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Affected products
Codeer Limited · Bricks Builder
Public PoCs found — 21
[cve_reference] github.com/Chocapikk/CVE-2024-25600 ★ 180
[cve_reference] github.com/K3ysTr0K3R/CVE-2024-25600-EXPLOIT ★ 57
[github] github.com/Christbowel/CVE-2024-25600_Nuclei-Template ★ 31
[github] github.com/so1icitx/CVE-2024-25600 ★ 13
[github] github.com/Tornad0007/CVE-2024-25600-Bricks-Builder-plugin-for-WordPress ★ 8
[github] github.com/hy011121/CVE-2024-25600-wordpress-Exploit-RCE ★ 3
[github] github.com/X-Projetion/WORDPRESS-CVE-2024-25600-EXPLOIT-RCE ★ 1
[github] github.com/meli0dasH4ck3r/cve-2024-25600 ★ 0
[github] github.com/ivanbg2004/ODH-BricksBuilder-CVE-2024-25600-THM ★ 0
[github] github.com/DedsecTeam-BlackHat/Poleposph ★ 0
[github] github.com/r0otk3r/CVE-2024-25600 ★ 0
[github] github.com/Anjai7/TryHack3M-Bricks-Heist ★ 0
[github] github.com/ranjithxploit/CVE-2024-25600 ★ 0
[github] github.com/h0w1tzxr/TryHack3M-Bricks-Heist ★ 0
[github] github.com/estebanzarate/CVE-2024-25600-WordPress-Bricks-Builder-RCE-PoC ★ 0
[github] github.com/svchostmm/CVE-2024-25600-mass ★ 0
[github] github.com/NanoWraith/CVE-2024-25600 ★ 0
[github] github.com/WanLiChangChengWanLiChang/CVE-2024-25600 ★ 0
[github] github.com/KaSooMi0228/CVE-2024-25600-Bricks-Builder-WordPress ★ 0
[github] github.com/diamorphine666/CVE-2024-25600 ★ 0
[github] github.com/Sibul-Dan-Glokta/test-task-CVE-2024-25600 ★ 0
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
References
https://github.com/Chocapikk/CVE-2024-25600
https://github.com/K3ysTr0K3R/CVE-2024-25600-EXPLOIT
https://patchstack.com/articles/critical-rce-patched-in-bricks-builder-theme?_s_id=cve
https://patchstack.com/database/vulnerability/bricks/wordpress-bricks-theme-1-9-6-unauthenticated-remote-code-execution-rce-vulnerability?_s_id=cve
https://snicco.io/vulnerability-disclosure/bricks/unauthenticated-rce-in-bricks-1-9-6