Advisory

Bricks 1.9.6.1 released to patch critical vulnerability in the Bricks WordPress plugin

Take action: If you are using Bricks Builder for WordPress, check your version immediately and patch to version 1.9.6.1 or later.
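A quick way to carry out that check across one or more installs is to read the `Version:` header of the installed theme's `style.css` and compare it component by component against 1.9.6.1. The script below is an added example, not code from the advisory or from Bricks; it assumes the theme is installed at `<wordpress-root>/wp-content/themes/bricks` and that its `style.css` carries the standard WordPress theme header (the `bricks_*` and `version_lt` names are this example's own).

```shell
#!/bin/sh
# Added example (not from the Bricks advisory): report whether an installed
# Bricks theme is older than the patched release 1.9.6.1 (CVE-2024-25600).
# Assumption: the theme directory contains a style.css with a WordPress
# "Version:" header line, e.g. "Version: 1.9.6".

PATCHED_VERSION="1.9.6.1"

# Print the Version header from a theme's style.css ($1), or nothing if
# the header (or the file) is missing. Only the leading dotted-digit part
# is kept, so "1.9.6-beta" yields "1.9.6".
bricks_version_from_style() {
    sed -n 's/^[[:space:]]*Version:[[:space:]]*\([0-9][0-9.]*\).*/\1/p' "$1" 2>/dev/null | head -n 1
}

# Return 0 if dotted version $1 is strictly lower than $2, else 1.
# Components are compared numerically one at a time, so "1.9.6" < "1.9.6.1"
# and "1.10.0" > "1.9.6.1"; a plain string comparison gets both wrong.
# A missing trailing component counts as 0 ("1.9.6" equals "1.9.6.0").
version_lt() {
    a="$1"; b="$2"
    while [ -n "$a" ] || [ -n "$b" ]; do
        case "$a" in
            *.*) ah="${a%%.*}"; a="${a#*.}" ;;
            *)   ah="$a";       a="" ;;
        esac
        case "$b" in
            *.*) bh="${b%%.*}"; b="${b#*.}" ;;
            *)   bh="$b";       b="" ;;
        esac
        ah="${ah:-0}"; bh="${bh:-0}"
        if [ "$ah" -lt "$bh" ]; then return 0; fi
        if [ "$ah" -gt "$bh" ]; then return 1; fi
    done
    return 1   # versions are equal
}

# Check the theme directory $1. Exit status: 0 = vulnerable (needs update),
# 1 = at or above the patched version, 2 = version could not be determined.
bricks_is_vulnerable() {
    v="$(bricks_version_from_style "$1/style.css")"
    if [ -z "$v" ]; then
        echo "no Version header found in $1/style.css" >&2
        return 2
    fi
    if version_lt "$v" "$PATCHED_VERSION"; then
        echo "Bricks $v is affected by CVE-2024-25600: update to $PATCHED_VERSION or later"
        return 0
    fi
    echo "Bricks $v is at or above $PATCHED_VERSION"
    return 1
}

# Usage: sh check-bricks.sh /var/www/html   (path to the WordPress root)
if [ $# -gt 0 ]; then
    bricks_is_vulnerable "$1/wp-content/themes/bricks"
    exit $?
fi
```

Run it with the WordPress root as the only argument; a zero exit status means the install still needs the update, which makes it easy to loop over a fleet of sites from a cron job or a configuration-management tool. On hosts with WP-CLI, `wp theme list` shows the same installed version, but note that Bricks is distributed by its vendor rather than through the WordPress.org theme directory, so apply the update through the theme's own updater or by installing the 1.9.6.1 package from the vendor.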


Learn More

A critical security vulnerability has been identified in all versions of Bricks Builder prior to 1.9.6.1. Bricks Builder is a visual site builder for WordPress that lets users construct pages through a drag-and-drop interface without writing code; unlike most page builders, it is installed as a theme rather than as a plugin.

Wordfence rates its CVSS severity at 9.8 out of 10, and Patchstack assigns it the maximum score of 10 out of 10.

The vulnerability is tracked as CVE-2024-25600 and is a Remote Code Execution (RCE) flaw: an attacker can run arbitrary code on the server hosting a site that uses an affected version of Bricks, and from there take control of the site. RCE flaws rank among the most dangerous classes of vulnerability because the attacker needs no access to the server beyond reaching the website over the network.

The flaw was reported to the Bricks team by the snicco security research team on February 10, 2024. Bricks acknowledged the report the same day, acted on snicco's recommendations, and released the patch, version 1.9.6.1, on February 13, 2024.

Given the critical nature of this vulnerability, website owners using Bricks should update their installations to version 1.9.6.1 or later without delay. Applying the update is the essential step in preventing exploitation of this flaw and keeping the site secure.

For additional details and guidance on this vulnerability and its resolution, please refer to the official Bricks Builder advisory.
