Share
## https://sploitus.com/exploit?id=B0AB6E05-D9BE-5D2E-A061-7DBAB0AC9EE6
# CVE-2024-25600 — WordPress Bricks Builder RCE (PoC)

Unauthenticated remote code execution vulnerability in WordPress Bricks Builder  id
uid=33(www-data) gid=33(www-data) groups=33(www-data)
```

## References

- [CVE-2024-25600](https://nvd.nist.gov/vuln/detail/CVE-2024-25600)
- [Bricks Builder Security Advisory](https://bricksbuilder.io/security-fix-for-bricks-1-9-6-1/)
- [Wordfence writeup](https://www.wordfence.com/blog/2024/02/unauthenticated-rce-vulnerability-in-bricks-builder-theme/)

## Credits

- **Discovery:** Snicco / Calvin Alkan
- **Original exploit:** K3ysTr0K3R
- **Cleanup & simplification:** Esteban Zárate