module
Unauthenticated RCE in Bricks Builder Theme
| Disclosed |
|---|
| Feb 19, 2024 |
Disclosed
Feb 19, 2024
Description
This module exploits an unauthenticated remote code execution vulnerability in the
Bricks Builder Theme versions to execute arbitrary PHP code by leveraging a nonce leakage to bypass authentication and
exploit the eval() function usage within the theme. Successful exploitation allows for full
control of the affected WordPress site. It is recommended to upgrade to version 1.9.6.1 or higher.
Bricks Builder Theme versions to execute arbitrary PHP code by leveraging a nonce leakage to bypass authentication and
exploit the eval() function usage within the theme. Successful exploitation allows for full
control of the affected WordPress site. It is recommended to upgrade to version 1.9.6.1 or higher.
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.