A few days ago, a critical security vulnerability was discovered in a WordPress theme. Several thousand sites are therefore potentially exposed.
Although alternatives are increasingly numerous, WordPress remains among the best content management systems for creating a website. With its large community and wide choice of free plugins and themes, WordPress is today an essential solution for people starting out with their own website, particularly because of its ease of use.
But for several days, one theme has been affected by a security flaw that is actively exploited by attackers. It is likely to affect no fewer than 25,000 sites, and its severity is rated 9.8 out of 10 on the Common Vulnerability Scoring System (CVSS).
WordPress: the Bricks theme presents a significant vulnerability
On February 10, a security expert known as "Snicco" reported a flaw affecting the WordPress Bricks theme via the Patchstack platform. This tool, powered by "a community of ethical hackers", helps identify vulnerabilities within the WordPress ecosystem (plugins, themes, websites, etc.).
Identified as CVE-2024-25600, this vulnerability allows attackers to execute arbitrary PHP code remotely, as reported by The Hacker News. As a result, attackers could take over a site without having the user's credentials. Note that all versions of the theme up to 1.9.6 are affected.
Fortunately, the theme developers were responsive and quickly released version 1.9.6.1 of Bricks, providing users with a way to protect themselves against this vulnerability.
More than 25,000 sites exposed to a critical vulnerability
As of February 13, just a few days after the first report, Bricks theme users can install the latest patches to mitigate potential threats. As of January 19, still according to information reported by The Hacker News, nearly forty attack attempts exploiting the flaw had already been detected.
With Bricks totaling approximately 25,000 active installations at the time of writing, users of the theme have every interest in installing version 1.9.6.1 without further delay. The longer the update is postponed, the greater the risk that an attacker takes over the website. As a reminder, the update can be installed in one click from the WordPress dashboard.
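For administrators who manage several installations, the version check can be automated. The following is an added example, not code from the article or from the Bricks project: it reads the `Version:` header of the theme's `style.css` and flags anything below 1.9.6.1. It assumes the theme sits in its default `wp-content/themes/bricks` folder, and the sample tree in the demo is constructed.

```python
import os
import re
import tempfile

FIXED = (1, 9, 6, 1)   # first patched release named in the article
THEME_DIR = "bricks"   # assumption: theme installed under its default folder name

def parse_version(style_css):
    """Return the Version header of a theme's style.css as a tuple of ints, or None."""
    m = re.search(r"^[ \t/*#@]*Version:\s*([0-9]+(?:\.[0-9]+)*)", style_css, re.M | re.I)
    return tuple(int(p) for p in m.group(1).split(".")) if m else None

def is_vulnerable(version):
    """True when the version is older than the patched release (1.9.6 reads as 1.9.6.0)."""
    padded = tuple(version) + (0,) * (len(FIXED) - len(version))
    return padded < FIXED

def scan(root):
    """Walk a web root and report every Bricks install as (path, version, status)."""
    findings = []
    suffix = os.path.join("wp-content", "themes", THEME_DIR)
    for dirpath, _dirs, files in os.walk(root):
        if dirpath.endswith(suffix) and "style.css" in files:
            path = os.path.join(dirpath, "style.css")
            with open(path, encoding="utf-8", errors="replace") as fh:
                version = parse_version(fh.read(8192))  # headers sit at the top of the file
            if version is None:
                status = "unknown"  # header missing: check this install by hand
            else:
                status = "vulnerable" if is_vulnerable(version) else "patched"
            findings.append((dirpath, version, status))
    return sorted(findings)

if __name__ == "__main__":
    # Constructed sample tree: two sites, one outdated and one updated.
    with tempfile.TemporaryDirectory() as root:
        for site, ver in (("site-a", "1.9.6"), ("site-b", "1.9.6.1")):
            theme = os.path.join(root, site, "wp-content", "themes", THEME_DIR)
            os.makedirs(theme)
            with open(os.path.join(theme, "style.css"), "w", encoding="utf-8") as fh:
                fh.write("/*\nTheme Name: Bricks\nVersion: %s\n*/\n" % ver)
        for path, version, status in scan(root):
            print(status, ".".join(map(str, version)), path)
```

An install reported as `vulnerable` or `unknown` should be updated from the WordPress dashboard as described above.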
WordPress is the undisputed star of the web. Its ergonomics, the richness of its templates (responsive, free or paid), its myriad extensions and its SEO capabilities are all attractive. The other side of the coin is that it attracts most cyberattacks and quickly becomes slow. WordPress site owners have an unfortunate tendency to accumulate unnecessary plugins, often without updating them. Depending on the needs of the company or individual, it is therefore worth checking whether this CMS is the right fit.
Source: The Hacker News