This popular WordPress site builder has a serious security issue — and hackers are already taking advantage

A remote code execution flaw in WordPress site builder is being actively abused

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

A popularWordPress themewith tens of thousands of users carries a high severity vulnerability that allows threat actors to run malicious PHP code. The patch for the flaw has already been made available, and hackers have started targeting vulnerable sites to disable security plugins.

A security researcher alias “snicco” recently found a vulnerability in the Brick Builder Theme, a commercialwebsite builderwith some 25,000 active installations, the publication states.

The vulnerability is a remote code execution (RCE) flaw, now tracked as CVE-2024-25600, and labeled as “critical”.

Attacks ramping up

Security platform Patchstack notified the Brick Builder Theme developers of the findings, which released a fix on February 13. At the time the flaw was discovered, there was no evidence of exploitation in the wild. Still, the developers urged the users to bring the theme up to version 1.9.6.1 because as soon as the news gets out, hackers are bound to start scanning for vulnerable sites.

“As of the time of this release, there’s no evidence that this vulnerability has been exploited. However, the potential for exploitation increases the longer the update to 1.9.6.1 is delayed,” the developers said in a security advisory. “Update all your Bricks sites to the latest Bricks 1.9.6.1 as soon as possible. But at least within the next 24 hours. The earlier, the better.”

They were right, as just a day after the patch was released - on February 14 - Patchstack reported seeing exploitation attempts. Wordfence now claims at least two dozen attack attempts a day.

WordPress is the world’s most popular website builder and, as such, is a popular target for hackers. However, the platform itself is generally considered secure, with plugins - both free and commercial - being the weakest link. The good news with commercial plugins is that they’re actively maintained and flaws such as this one get fixed fast.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

ViaBleepingComputer

More from TechRadar Pro

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Cisco issues patch to fix serious flaw allowing possible industrial systems takeover

Washington state court systems taken offline following cyberattack

Google TV will require more RAM for future upgrades – which might leave older TVs and streaming boxes behind