MalCare blocks attacks on vulnerable Bricks Theme Builder v1.9.6

MalCare recently blocked over 26,000 remote code execution (RCE) attacks on its customer websites. These attacks exploited a vulnerability found in the popular Bricks Theme Builder. Our firewall is protecting sites as they are being updated. The theme is being actively exploited on a large scale. 

What happened

So far, MalCare has blocked 26,192 RCE attacks attempting to exploit the Bricks Theme Builder vulnerability. While there were a few attacks initially, the number increased tremendously once the vulnerability was made public, and has continued even after a patch was released.

Attack statistics

These attacks are so serious that even a single request is enough to damage your site. Hence, we recommend you update Bricks Theme Builder on your WordPress site immediately.

What is the Bricks Theme Builder vulnerability?

Theme information

  • Vulnerable theme version: 1.9.6 and earlier
  • Patch release version: 1.9.6.1 and newer
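To check installed copies against these version numbers, the following Python script is an added example, not code from MalCare or Bricks. It reads the `Version:` field from the theme's `style.css` header and compares it numerically with 1.9.6.1. The theme directory name `bricks` and the sample header are assumptions made for illustration.

```python
import re
import sys
from pathlib import Path

PATCHED = (1, 9, 6, 1)  # first fixed release, per the list above

# Constructed sample of a theme header, not copied from the real theme.
SAMPLE_HEADER = "/*\nTheme Name: Bricks\nVersion: 1.9.6\n*/\n"


def theme_version(style_css):
    """Return the Version field from a theme's style.css header, or None."""
    # WordPress only reads the first 8 KB of the file for header fields.
    m = re.search(r"^[ \t/*#@]*Version:[ \t]*(\S+)", style_css[:8192], re.M | re.I)
    return m.group(1) if m else None


def is_vulnerable(version):
    """True below 1.9.6.1, False at or above it, None if unparseable."""
    m = re.match(r"\s*(\d+(?:\.\d+)*)", version or "")
    if not m:
        return None
    parts = tuple(int(p) for p in m.group(1).split("."))
    # Pad so 1.9.6 becomes (1, 9, 6, 0); compare numerically, never as strings.
    parts += (0,) * (len(PATCHED) - len(parts))
    return parts < PATCHED


def audit(themes_dir, slug="bricks"):
    """Classify one wp-content/themes directory. The slug is an assumption."""
    css = Path(themes_dir) / slug / "style.css"
    if not css.is_file():
        return "not installed"
    verdict = is_vulnerable(theme_version(css.read_text(errors="replace")))
    return {True: "VULNERABLE", False: "patched", None: "unknown version"}[verdict]


if __name__ == "__main__":
    if len(sys.argv) == 1:
        print("sample header:", is_vulnerable(theme_version(SAMPLE_HEADER)))
    for themes_dir in sys.argv[1:]:
        print(f"{themes_dir}: {audit(themes_dir)}")
```

Pass one or more `wp-content/themes` paths as arguments; an "unknown version" result means the header could not be parsed and the copy should be checked by hand.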

About the vulnerability

Bricks is one of the most popular theme builders in the WordPress ecosystem. It boasts the ability to add custom code (CSS, JS, HTML, PHP) to various parts of a website, which gives users much more control when it comes to customizing their sites.

The Bricks Theme Builder vulnerability stems from improper use of the eval() function. eval() executes whatever PHP code it is given, which is why using it is dangerous. The function was used in many distinct methods within the theme's code, of which render_element() was the most significant. This method is used to display previews within the custom code editor, and attackers could use it to insert malicious code into vulnerable websites and mount RCE attacks. What’s even more scary is that no privilege or expertise is required to exploit this vulnerability and hack a site. Consequently, this vulnerability has been assigned a CVSS score of 9.8 (Critical).

Vulnerable code

Meanwhile, Patchstack has reported that they are aware of malware that exploits this vulnerability. They also believe that this malware can disable security plugins like Wordfence and Sucuri.

The vulnerability has now been fixed with the release of Bricks Theme Builder v1.9.6.1 on February 13, 2024.

Who discovered this vulnerability?

The vulnerability in the Bricks Theme Builder was discovered by researchers at Snicco, who informed the developer bricksbuilder.io on February 10, 2024. Subsequently, the developer released a patch on February 13, 2024, followed by a full disclosure of the vulnerability on February 19, 2024.

How is your WordPress site at risk?

If your WordPress site is running Bricks Theme Builder version 1.9.6 or anything older, it’s time to sit up and take notice. You’re wide open to Remote Code Execution (RCE) attacks, and trust us, you don’t want that. RCE attacks let hackers put their own malicious code onto your site from miles away, claim the throne by becoming admins, and basically have a field day doing harm.

Here’s a scary thought: What if a hacker decides to drop a piece of code on your site that’s like a secret agent, sneaking a peek at the data passing between your site’s server and your visitors? That’s not just a privacy nightmare waiting to happen but could also make people think twice about visiting your site again. And to add insult to injury, while the hacker’s code is doing its sneaky business, it could slow your site down to a crawl. That means unhappy visitors, plummeting Google rankings, and a whole lot of headaches for you.

But wait, it gets worse. If a hacker gets full access to your site, here’s the kind of chaos they could unleash:

  • They could turn your site into a zombie, attacking other sites and possibly getting you blacklisted by Google.
  • Imagine your site getting hijacked to mine cryptocurrency, slowing it down, or even knocking it offline.
  • Your users could start getting bombarded with spam or phishing emails, and that’s a surefire way to lose trust.
  • Or picture this: your visitors are suddenly redirected to, well, let’s just say unsavory websites.
  • Hackers might leave a backdoor open, so they can waltz back in any time they like, even after you’ve fixed the initial problem.
  • Worst case scenario, they could trash your site so badly that you’d be left picking up the pieces, hoping you have a recent backup to restore from.

So, your agenda is crystal clear: address this security loophole right now! It’s about protecting your site as well as safeguarding your reputation and your visitors’ trust.

What are some other ways that MalCare protects your site?

A WordPress firewall is just the tip of the iceberg when it comes to what MalCare offers for keeping WordPress sites safe and sound. There’s a whole lot more to MalCare’s approach. Here’s what else it does:

  • It’s like a daily health check for your site, scanning automatically to catch any sneaky malware trying to set up shop early on.
  • Found some malware? No problem. MalCare comes equipped with a strong tool specifically for kicking out any malicious code that’s made its way into your site.
  • If there’s a weak spot in your plugins or themes, MalCare doesn’t keep it to itself. It gives you a heads-up right away so you can patch things up fast.
  • Tired of bots dragging your site down? MalCare’s got you covered there too, with tough defenses that also help speed up your site’s loading time.
  • And for that extra peace of mind, MalCare throws in automatic, offsite backups, so you’ve got a safety net, making sure your site’s always ready to bounce back.
