## https://sploitus.com/exploit?id=0BA63489-0647-51F0-9FB7-59DBB5DEBA29
# CVE-2024-25600 Exploit - WordPress Bricks Builder Remote Code Execution (RCE)
An exploit script for **CVE-2024-25600**, a critical **unauthenticated Remote Code Execution (RCE)** vulnerability in the **Bricks Builder plugin** for **WordPress**. The tool detects the flaw, extracts the nonce, and provides an **interactive shell** for executing arbitrary commands on vulnerable targets. It was tested on **Bricks Builder version 1.9.5**; the vulnerability affects all versions up to and including **1.9.6**. The **security flaw** allows attackers to remotely inject and execute **malicious PHP code** without authentication, potentially leading to **full site compromise**, **data theft**, or **malware distribution**.
## Author
- **so1icitx**
## Features
- Tests **WordPress** sites for the **CVE-2024-25600** vulnerability by fetching the nonce and verifying **RCE** capability.
- Supports single URL and bulk scanning from a file for **vulnerable Bricks Builder** instances.
- Launches an **interactive shell** for **remote command execution** on confirmed targets.
- Multi-threaded scanning (100 threads) for efficient **vulnerability detection**.
- Verbose mode for detailed output during **exploit attempts**.
- Saves **vulnerable URLs** to an output file for further analysis.
## Prerequisites
- **Python 3.6+**
- Required packages:
```bash
pip install requests beautifulsoup4 prompt_toolkit
```
## Usage
```bash
python3 exploit.py -u <target_url> [options]
```
### Options
- `-u, --url`: Target **WordPress** URL (e.g., `http://example.com`) - required for single scan.
- `-l, --list`: Path to a file with a list of URLs for bulk **RCE scanning** (optional).
- `-o, --output`: File to save **vulnerable WordPress URLs** (optional).
### Examples
- Basic **RCE exploit**:
```bash
python3 exploit.py -u http://10.10.10.10
```
- Bulk **vulnerability scanning**:
```bash
python3 exploit.py -l targets.txt -o vulnerable.txt
```
- **Interactive shell** (triggered on vulnerable targets):
```bash
# whoami
# exit
```
## Notes
- Targets must use the **Bricks Builder plugin** with the vulnerable `/wp-json/bricks/v1/render_element` endpoint.
- Exploits a flaw in user input handling, enabling **unauthenticated attackers** to execute **arbitrary PHP code**.
- Uses 100 threads for bulk scans; adjust `max_workers` in the script for performance tweaks.
- SSL verification is disabled to handle self-signed certificates on **WordPress sites**, so the script does not validate the target's certificate.
- Use responsibly on authorized systems only to avoid **site compromise** or **malware risks**.
- Contact me at `so1citix.zone242@passinbox.com` for support or issues!
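
For defenders, the endpoint and affected version range named in these notes are enough to triage a site. The following is an added example, not part of the original script or project: it scans access-log lines for requests to the route and checks an installed version against the affected range. The Combined Log Format, the function names and the sample log lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

ROUTE = "/bricks/v1/render_element"  # route named in the Notes above

# Assumption: Combined Log Format; adjust the pattern to your server's format.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

def find_render_element_hits(lines):
    """Return {client_ip: [(timestamp, method, status, raw_target), ...]}."""
    hits = defaultdict(list)
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a parseable access-log line
        # Decode twice so percent-encoded spellings of the route still match.
        target = unquote(unquote(m["target"])).lower()
        if ROUTE in target:
            hits[m["ip"]].append((m["ts"], m["method"], int(m["status"]), m["target"]))
    return dict(hits)

def is_affected(version):
    """True if the version is <= 1.9.6, the affected range stated on this page."""
    parts = [int(p) for p in re.findall(r"\d+", version)]
    while parts and parts[-1] == 0:
        parts.pop()  # treat 1.9.6.0 the same as 1.9.6
    return tuple(parts) <= (1, 9, 6)  # unparseable input counts as affected

# Constructed sample lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '198.51.100.7 - - [20/Feb/2024:10:01:02 +0000] "GET / HTTP/1.1" 200 5120 "-" "curl/8.4.0"',
    '198.51.100.7 - - [20/Feb/2024:10:01:03 +0000] "POST /wp-json/bricks/v1/render_element HTTP/1.1" 200 310 "-" "python-requests/2.31.0"',
    '203.0.113.9 - - [20/Feb/2024:10:05:40 +0000] "POST /wp-json/bricks/v1/render%5Felement HTTP/1.1" 403 162 "-" "python-requests/2.31.0"',
    '192.0.2.44 - - [20/Feb/2024:10:06:00 +0000] "POST /wp-json/wp/v2/comments HTTP/1.1" 201 800 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for ip, reqs in find_render_element_hits(SAMPLE_LOG).items():
        for ts, method, status, target in reqs:
            print(f"{ts} {ip} {method} {target} -> {status}")
    print("1.9.5 affected:", is_affected("1.9.5"), "| 1.9.7 affected:", is_affected("1.9.7"))
```

A hit is a lead for triage rather than proof of compromise; correlate it with the response status, the request volume per client and the installed plugin version.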
## Disclaimer
This tool is for **educational** and **authorized security testing** purposes only. Unauthorized exploitation of **CVE-2024-25600** is illegal and unethical.
---