|
|
|||
| Rule General Information |
|---|
| Release Date: | 2024-02-27 | |
| Rule Name: | WordPress Bricks Builder Unauthenticated Remote Code Execution Vulnerability (CVE-2024-25600) | |
| Severity: | ||
| CVE ID: | ||
| Rule Protection Details |
|---|
| Description: | Bricks Builder is a popular WordPress development theme with approximately 25,000 installations. It provides an intuitive drag-and-drop interface for designing and building WordPress websites. The vulnerability stems from Bricks Builder's improper use of the eval function in PHP, allowing attackers to exploit the vulnerability to execute remote code with malicious data, ultimately gaining server permissions without authorization. | |
| Impact: | An attacker can execute arbitrary code via a successful exploit in the context of the vulnerable software. | |
| Affected OS: | Windows, Linux, Others | |
| Reference: | ||
| Solutions |
|---|
| Please contact the software vendor to update the software patch. |