
Bricks 1.9.6.1 Patches Critical RCE Vulnerability – WP Tavern

First disclosed by security researcher Calvin Alkan of snicco, the vulnerability affects all versions of Bricks Builder earlier than version 1.9.6.1. Identified as a Remote Code Execution (RCE) flaw, it poses a critical security risk, allowing attackers to potentially gain unauthorized control over websites running an affected version of Bricks.

What’s Bricks?

Bricks, or Bricks Builder, is a visual website builder that lets users create web pages on WordPress without writing code, through its drag-and-drop interface. Unlike other similar products in the WordPress ecosystem, which ship functionality through plugins, Bricks Builder uses theme functionality as its way of delivering features to users.

Understanding RCE Vulnerabilities

RCE vulnerabilities are among the most critical types of security flaws. They allow attackers to execute arbitrary code on a website from a remote location, letting them control the site, access confidential data, distribute malware, and more.

Timeline of the Patch

The vulnerability disclosure timeline is commendable for its efficiency. The flaw was reported to Bricks by security research team snicco on February 10, 2024, marking the start of a swift and effective response. Bricks acknowledged the issue on the same day and, by February 13, had released the patch (1.9.6.1) following snicco’s suggestions.

Update Highly Recommended

Wordfence has rated the severity of this vulnerability 9.8 out of 10, while Patchstack has rated it 10 out of 10, making this a critical update for website owners using Bricks. Users are urged to update their installations immediately to protect their sites from potential exploits.
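One way to check an installation against the fixed release, as an added example that is not from the original article or from Bricks: it reads each theme's `style.css` header the way WordPress does and flags any Bricks parent theme older than 1.9.6.1. The `Theme Name: Bricks` header value and the directory names in the constructed sample tree are assumptions.

```python
import re
import tempfile
from pathlib import Path

FIXED = (1, 9, 6, 1)  # first patched release, per the article

def parse_version(text):
    """'1.9.6' -> (1, 9, 6, 0); None if there is no leading dotted number."""
    m = re.match(r"\s*(\d+(?:\.\d+)*)", text or "")
    if not m:
        return None
    nums = [int(n) for n in m.group(1).split(".")][:4]
    return tuple(nums + [0] * (4 - len(nums)))

def theme_header(style_css, field):
    """Read one header field from style.css (WordPress scans only the file's first 8 KB)."""
    head = style_css.read_text(encoding="utf-8", errors="replace")[:8192]
    m = re.search(rf"^[ \t/*#@]*{re.escape(field)}:[ \t]*(.+?)\s*$", head, re.M | re.I)
    return m.group(1) if m else None

def audit(wp_root):
    """Return [(theme_dir, version, needs_update)] for Bricks parent themes under wp_root."""
    results = []
    for css in sorted(Path(wp_root).glob("wp-content/themes/*/style.css")):
        # Assumption: the parent theme declares "Theme Name: Bricks"; child themes differ.
        if (theme_header(css, "Theme Name") or "").lower() != "bricks":
            continue
        version = theme_header(css, "Version")
        parsed = parse_version(version)
        # An unparseable version is flagged so that it gets a manual check.
        results.append((css.parent.name, version, parsed is None or parsed < FIXED))
    return results

def demo():
    """Audit a constructed themes directory (sample data, not a real site)."""
    with tempfile.TemporaryDirectory() as root:
        for name, title, ver in [("bricks", "Bricks", "1.9.6"),
                                 ("bricks-staging", "Bricks", "1.9.6.1"),
                                 ("bricks-child", "Bricks Child Theme", "1.1"),
                                 ("twentytwentyfour", "Twenty Twenty-Four", "1.0")]:
            d = Path(root, "wp-content", "themes", name)
            d.mkdir(parents=True)
            (d / "style.css").write_text(
                f"/*\n Theme Name: {title}\n Version: {ver}\n*/\n", encoding="utf-8")
        return audit(root)

if __name__ == "__main__":
    for theme_dir, version, needs_update in demo():
        print(f"{theme_dir}: {version} -> {'UPDATE to 1.9.6.1+' if needs_update else 'ok'}")
```

On a real host, call `audit()` with the WordPress root directory; tuple comparison is used because a plain string comparison would rank 1.10 below 1.9.6.1.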

If you would like to learn more about how this security vulnerability was discovered, Calvin Alkan will be joining Remkus de Vries on his show for a discussion on this and other related security topics.
