2024-02-25 23:00:54
Snicco.io, a security service provider for WordPress, published a report on February 13, 2024 about a vulnerability affecting the Bricks Builder theme of the website builder. Listed CVE-2024-25600the flaw allows remote code execution and therefore the installation of a malware. The severity of the vulnerability is rated at 9.8 out of 10 according to the CVSS standard (Common Vulnerability Scoring System), i.e. a high level of criticality.
CVE-2024-25600 affects all versions of Bricks Builder prior to 1.9.6.1. According to snicco.io, 25,000 sites were vulnerable at the time the report was published. A simple update of the theme allows you to protect the site but if the operation is carried out in one click, it is neither automatic nor offered by default.
« There is no evidence that this vulnerability was exploited. However, exploitation risk increases with delays in updating to version 1.9.6.1. We advise you to update all your Bricks sites immediately », indicated the publisher of the theme in a press release.
1708909646
#Critical #security #flaw #affects #WordPress #theme