There is alarming news of active attacks on the Bricks theme for WordPress affecting more than 25,000 websites. The discovered critical security flaw, known as CVE-2024-25600 with a CVSS score of 9.8, allows unauthenticated attackers to execute arbitrary PHP code on vulnerable sites.
This vulnerability affects all versions up to and including 1.9.6. The theme developers responded quickly, releasing version 1.9.6.1 on February 13, 2024, three days after the flaw was reported by the WordPress security company Snicco on February 10. Although a proof-of-concept (PoC) exploit has not been published, the technical details of the vulnerability have been disclosed. The vulnerable code resides in the function prepare_query_vars_from_settings(), which passes user-controlled element settings to eval(); the only gate in front of it was a check of a security token (a "nonce"), and that nonce is printed into the public frontend of the site, where any unauthenticated visitor can read it and reuse it.
Among the attacks carried out using this vulnerability, more than three dozen attempts have been identified since February 14, the day after the vulnerability was publicly disclosed. The attacks came from several different IP addresses, which indicates broad interest among attackers in this flaw. WordPress security companies such as Wordfence stress that nonces must never be the sole mechanism for authentication, authorization, or access control: a nonce only proves that a request originated from a page the site rendered, not who sent it. They recommend protecting privileged functions with current_user_can() and always assuming that a nonce can end up in an attacker's hands.
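The following PHP is an added illustrative example, not code from Bricks or from the original report: a WordPress REST route whose permission callback checks only a nonce, beside a hardened version that requires a capability through current_user_can() and treats the nonce purely as a CSRF token. The route example/v1/render, the nonce action example-nonce, the header name X-Example-Nonce and all function names are hypothetical.

```php
<?php
// Added illustrative example, not code from Bricks or from the article.
// The route 'example/v1/render', the nonce action 'example-nonce', the
// 'X-Example-Nonce' header and all function names are hypothetical.

// Read the nonce the way a client would send it: header first, then a
// request parameter.
function example_get_request_nonce( WP_REST_Request $request ) {
    $nonce = $request->get_header( 'X-Example-Nonce' );
    return $nonce !== null ? $nonce : (string) $request->get_param( 'nonce' );
}

// --- Weak pattern: the nonce is the only gate. ---------------------------
// wp_verify_nonce() only proves the token was minted by this site for the
// given action. If the token is printed into pages that logged-out visitors
// can load, anyone can copy it, and this callback lets them through.
function example_weak_permission_callback( WP_REST_Request $request ) {
    return (bool) wp_verify_nonce( example_get_request_nonce( $request ), 'example-nonce' );
}

// --- Hardened pattern: capability for authorization, nonce only for CSRF. -
function example_hardened_permission_callback( WP_REST_Request $request ) {
    // 1. Authorization: the caller must be a logged-in user holding a
    //    capability that matches the action. A valid nonce cannot bypass this.
    if ( ! is_user_logged_in() || ! current_user_can( 'edit_posts' ) ) {
        return new WP_Error( 'rest_forbidden', 'Insufficient capability.', array( 'status' => 403 ) );
    }
    // 2. CSRF protection: the nonce is still checked, but never on its own.
    if ( ! wp_verify_nonce( example_get_request_nonce( $request ), 'example-nonce' ) ) {
        return new WP_Error( 'rest_invalid_nonce', 'Invalid nonce.', array( 'status' => 403 ) );
    }
    return true;
}

// The handler treats request-supplied settings as data: it copies a fixed
// set of keys into query arguments and never evaluates them as PHP.
function example_render_handler( WP_REST_Request $request ) {
    $settings = (array) $request->get_param( 'settings' );
    $allowed  = array( 'post_type', 'posts_per_page', 'orderby', 'order' );
    $args     = array();
    foreach ( $allowed as $key ) {
        if ( isset( $settings[ $key ] ) ) {
            $args[ $key ] = sanitize_text_field( (string) $settings[ $key ] );
        }
    }
    // Clamp the page size so a caller cannot turn the endpoint into a DoS tool.
    $args['posts_per_page'] = isset( $args['posts_per_page'] ) ? min( (int) $args['posts_per_page'], 50 ) : 10;
    return rest_ensure_response( array( 'query_vars' => $args ) );
}

add_action( 'rest_api_init', function () {
    register_rest_route( 'example/v1', '/render', array(
        'methods'             => WP_REST_Server::CREATABLE,
        'callback'            => 'example_render_handler',
        'permission_callback' => 'example_hardened_permission_callback',
    ) );
} );
```

The capability edit_posts is a placeholder; choose the one that actually corresponds to the action the endpoint performs. The point of the split is that the capability check answers "is this user allowed to do this?", while the nonce only answers "did this request come from a page we rendered?", and a token that is readable by anonymous visitors answers neither.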
Bricks theme users are strongly encouraged to update to version 1.9.6.1 or later without delay. This incident is a reminder of the importance of keeping software up to date and applying security best practices to protect websites from attacks.