Bricks Builder For WordPress RCE Vulnerability

Learn about the critical RCE vulnerability in Bricks Visual Site Builder for WordPress, rated 9.8/10, actively exploited. Find out how to protect your site with the latest security patch.


Bricks Visual Site Builder for WordPress recently patched a critical-severity vulnerability, rated 9.8/10, that is actively being exploited right now.

Bricks Builder Overview

Bricks Builder is a popular WordPress development theme known for its ability to create attractive and fast-performing websites in a short amount of time. It provides ease of use and developer components for CSS, making it a preferred choice for many developers.

Unauthenticated RCE Vulnerability

Bricks Builder is affected by a remote code execution (RCE) vulnerability, which has been rated 9.8/10 on the Common Vulnerability Scoring System (CVSS), indicating its critical severity. What makes this vulnerability particularly dangerous is that it is unauthenticated, meaning that attackers do not need credentials or any permissions on the site to exploit it. Anyone aware of the vulnerability can execute code on affected servers.

Wordfence explains the severity of the issue, stating: "This makes it possible for unauthenticated attackers to execute code on the server."

The specific details of the vulnerability have not been publicly disclosed.

Patch and Response

The Bricks Builder team has released a mandatory security update with Bricks 1.9.6.1 to address this vulnerability promptly. They were alerted to the issue by a leading security expert in the WordPress space and worked quickly to provide a verified patch.

As stated in the official changelog, there is currently no evidence of exploitation, but the risk increases the longer users delay updating to version 1.9.6.1. The company strongly advises all users to update their Bricks sites immediately to mitigate the risk.
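To confirm which installs still need the update, the check below (an added example, not code from Bricks or Wordfence) reads the Version field from each theme's style.css header under wp-content/themes and compares it with 1.9.6.1. It assumes the parent theme's header reads "Theme Name: Bricks"; the function names and the sample header are constructed for illustration.

```python
import re
import sys
from pathlib import Path

FIXED = (1, 9, 6, 1)  # patched release named in the article

# Constructed sample header, not copied from a real Bricks install.
SAMPLE = "/*\n Theme Name: Bricks\n Version: 1.9.6\n*/\n"

def parse_header(css_text):
    """Return the theme header fields (lower-cased keys) from style.css text."""
    fields = {}
    for line in css_text.splitlines()[:60]:  # the header sits at the top of the file
        m = re.match(r"^[\s*/]*([A-Za-z ]+?)\s*:\s*(.+?)\s*$", line)
        if m:
            fields.setdefault(m.group(1).lower(), m.group(2))
    return fields

def version_tuple(text, width=4):
    """'1.9.6' -> (1, 9, 6, 0), so three- and four-part versions compare correctly.
    Anything after a '-' (for example '-beta') is ignored."""
    nums = [int(n) for n in re.findall(r"\d+", text.split("-")[0])][:width]
    return tuple(nums + [0] * (width - len(nums)))

def is_vulnerable(css_text):
    """True: older than 1.9.6.1. False: patched. None: not the Bricks parent theme
    (assumed header 'Theme Name: Bricks') or no Version field present."""
    header = parse_header(css_text)
    if header.get("theme name", "").lower() != "bricks" or "version" not in header:
        return None
    return version_tuple(header["version"]) < FIXED

def scan(wp_root):
    """Map each Bricks theme directory under wp_root to its is_vulnerable() result."""
    results = {}
    for css in Path(wp_root).glob("wp-content/themes/*/style.css"):
        verdict = is_vulnerable(css.read_text(errors="replace"))
        if verdict is not None:
            results[str(css.parent)] = verdict
    return results

if __name__ == "__main__":
    if len(sys.argv) > 1:  # usage: python check_bricks.py /path/to/wordpress
        for theme_dir, vulnerable in scan(sys.argv[1]).items():
            print(theme_dir, "VULNERABLE, update to 1.9.6.1" if vulnerable else "patched")
    else:
        print("sample header vulnerable:", is_vulnerable(SAMPLE))
```

A "patched" result only reports the installed version; it says nothing about whether the site was compromised before the update was applied.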

Active Exploitation

According to Adam J. Humphreys, founder of the web development company Making 8, the vulnerability is actively being exploited. The Bricks Builder Facebook community is actively responding to affected users, providing information on how to recover from the vulnerability and urging them to update their installations promptly.

In summary, the Bricks Builder RCE vulnerability poses a significant threat to WordPress websites using the Bricks theme. Users are strongly advised to update to version 1.9.6.1 immediately to protect their sites from potential exploitation.