Skip to main content

Featured

Essential Steps to Protect Your WordPress Site from Hackers

10 steps you can take to protect your WordPress   In today's digital age, the threat of hackers targeting websites is ever-present. As a WordPress site owner, it's crucial to implement robust security measures to safeguard your online presence. Here are some essential steps to protect your WordPress site from hackers: Keep WordPress Updated: Ensure that your WordPress core, themes, and plugins are always up to date. Developers frequently release updates to patch security vulnerabilities, and failing to update leaves your site susceptible to exploitation. Use Strong Passwords: Weak passwords are an open invitation to hackers. Choose complex passwords comprising a mix of uppercase and lowercase letters, numbers, and special characters. Additionally, consider using a password manager to generate and store secure passwords. Limit Login Attempts: Implement measures to restrict the number of login attempts allowed within a specified timeframe. This prevents brute force attacks whe...
Post a Comment
Read more

WordPress Bricks Theme Under Active Attack: Critical Flaw Impacts 25,000+ Sites

 

WordPress Hack

A critical security flaw in the Bricks theme for WordPress is being actively exploited by threat actors to run arbitrary PHP code on susceptible installations.

The flaw, tracked as CVE-2024-25600 (CVSS score: 9.8), enables unauthenticated attackers to achieve remote code execution. It impacts all versions of the Bricks up to and including 1.9.6.

It has been addressed by the theme developers in version 1.9.6.1 released on February 13, 2024, merely days after WordPress security provider Snicco reported the flaw on February 10.

While a proof-of-concept (PoC) exploit has not been released, technical details have been released by both Snicco and Patchstack, noting that the underlying vulnerable code exists in the prepare_query_vars_from_settings() function.

Specifically, it concerns the use of security tokens called "nonces" for verifying permissions, which can then be used to pass arbitrary commands for execution, effectively allowing a threat actor to seize control of a targeted site.

The nonce value is publicly available on the frontend of a WordPress site, Patchstack said, adding there are no adequate role checks applied.

"Nonces should never be relied on for authentication, authorization, or access control," WordPress cautions in its documentation. "Protect your functions using current_user_can(), and always assume nonces can be compromised."

WordPress security company Wordfence said it detected over three dozen attack attempts exploiting the flaw as of February 19, 2024. Exploitation attempts are said to have commenced on February 14, a day after public disclosure.

A majority of the attacks are from the following IP addresses -

  • 200.251.23[.]57
  • 92.118.170[.]216
  • 103.187.5[.]128
  • 149.202.55[.]79
  • 5.252.118[.]211
  • 91.108.240[.]52

Bricks is estimated to have around 25,000 currently active installations. Users of the plugin are recommended to apply the latest patches to mitigate potential threats.

Comments

Post a Comment