Skip to main content

Public advisory of scammers impersonating CSA and the SPF

Stay vigilant. Read the public advisory

Cyber Security Agency of Singapore
  1. Home
  2. Alerts & Advisories
  3. Alerts
  4. Active Exploitation of Critical Vulnerability in WordPress Bricks Plug-in
Alerts

Active Exploitation of Critical Vulnerability in WordPress Bricks Plug-in

22 February 2024

WordPress has released security updates to address a critical vulnerability (CVE-2024-25600) impacting their Bricks Builder Plug-in. The vulnerability has a Common Vulnerability Scoring System (CVSSv3) score of 9.8 out of 10 and is reportedly being actively exploited.

Successful exploitation of the vulnerability may allow an attacker to perform remote code execution and gain control of the server.

The vulnerability affects Bricks Builder versions 1.9.6 and earlier.

Users and administrators of affected product versions are advised to update to the latest version immediately.

More information is available here:

https://op-c.net/blog/cve-2024-25600-wordpresss-bricks-builder-rce-flaw-under-active-exploitation/

https://www.bleepingcomputer.com/news/security/hackers-exploit-critical-rce-flaw-in-bricks-wordpress-site-builder/

https://www.scmagazine.com/news/wordpress-plugin-under-attack-bricks-builder-bug-enables-rce