
Unauthenticated RCE exploit for CVE-2024-25600 in WordPress Bricks Builder <= 1.9.6. Executes arbitrary code remotely.


so1icitx/CVE-2024-25600


CVE-2024-25600 Exploit - WordPress Bricks Builder Remote Code Execution (RCE)

An exploit script for CVE-2024-25600, a critical unauthenticated Remote Code Execution (RCE) vulnerability in the Bricks Builder plugin for WordPress. This tool detects the flaw, extracts the nonce, and provides an interactive shell for executing arbitrary commands on vulnerable targets. Tested on Bricks Builder version 1.9.5, it affects all versions up to and including 1.9.6. This security flaw allows attackers to remotely inject and execute malicious PHP code without authentication, potentially leading to full site compromise, data theft, or malware distribution.

Author

  • so1icitx

Features

  • Tests WordPress sites for CVE-2024-25600 vulnerability by fetching the nonce and verifying RCE capability.
  • Supports single URL and bulk scanning from a file for vulnerable Bricks Builder instances.
  • Launches an interactive shell for remote command execution on confirmed targets.
  • Multi-threaded scanning (100 threads) for efficient vulnerability detection.
  • Verbose mode for detailed output during exploit attempts.
  • Saves vulnerable URLs to an output file for further analysis.

Prerequisites

  • Python 3.6+
  • Required packages:
    pip install requests beautifulsoup4 prompt_toolkit

Usage

python3 exploit.py -u <target_url> [options]

Options

  • -u, --url: Target WordPress URL (e.g., http://example.com) - required for single scan.
  • -l, --list: Path to a file with a list of URLs for bulk RCE scanning (optional).
  • -o, --output: File to save vulnerable WordPress URLs (optional).

Examples

  • Basic RCE exploit:
    python3 exploit.py -u http://10.10.10.10
  • Bulk vulnerability scanning:
    python3 exploit.py -l targets.txt -o vulnerable.txt
  • Interactive shell (triggered on vulnerable targets):
    # whoami
    # exit

Notes

  • Targets must use the Bricks Builder plugin with the vulnerable /wp-json/bricks/v1/render_element endpoint.
  • Exploits a flaw in user input handling, enabling unauthenticated attackers to execute arbitrary PHP code.
  • Uses 100 threads for bulk scans; adjust max_workers in the script for performance tweaks.
  • SSL verification is disabled to handle self-signed certificates on WordPress sites.
  • Use responsibly on authorized systems only to avoid site compromise or malware risks.
  • Contact me at so1citix.zone242@passinbox.com for support or issues!
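
For defenders, the endpoint named in the Notes gives a concrete log signature. The following is an added example, not part of this repository's exploit.py: it scans access logs in Combined Log Format for requests to that route and ranks the clients that made them. The function names and sample log lines are constructed for illustration, and the match on the rest_route query parameter relies on WordPress's standard alternative REST URL form.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# Route named in the Notes above. WordPress also serves REST routes through
# the rest_route query parameter, so match the route anywhere in the URL.
ROUTE = "/bricks/v1/render_element"

# Combined Log Format: ip - user [time] "METHOD url PROTO" status size ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<url>\S+) [^"]*" (?P<status>\d{3}) '
)

def find_route_requests(lines):
    """Return {client_ip: [(time, method, status, url), ...]} for the route."""
    hits = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not a Combined Log Format line
        decoded = unquote(m["url"]).lower()  # decode %2F etc. before matching
        if ROUTE in decoded:
            hits[m["ip"]].append(
                (m["time"], m["method"], int(m["status"]), m["url"]))
    return dict(hits)

def triage(hits):
    """Order clients so those with the most 2xx answers come first.

    A 2xx means the request was answered rather than rejected upstream
    (for example a 403 from a WAF), so those clients are reviewed first.
    """
    def answered(events):
        return sum(1 for _, _, status, _ in events if 200 <= status < 300)
    return sorted(hits.items(), key=lambda kv: (-answered(kv[1]), kv[0]))

# Constructed sample log lines (documentation address ranges only).
SAMPLE = [
    '203.0.113.7 - - [20/Feb/2024:10:01:02 +0000] "POST /wp-json/bricks/v1/render_element HTTP/1.1" 200 512 "-" "python-requests/2.31.0"',
    '203.0.113.7 - - [20/Feb/2024:10:01:05 +0000] "POST /wp-json/bricks/v1/render_element HTTP/1.1" 200 498 "-" "python-requests/2.31.0"',
    '198.51.100.9 - - [20/Feb/2024:10:02:00 +0000] "POST /?rest_route=%2Fbricks%2Fv1%2Frender_element HTTP/1.1" 403 120 "-" "curl/8.4.0"',
    '192.0.2.44 - - [20/Feb/2024:10:03:00 +0000] "GET /wp-json/wp/v2/posts HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for ip, events in triage(find_route_requests(SAMPLE)):
        print(ip, len(events), [status for _, _, status, _ in events])
```

Hits are leads for triage rather than verdicts: correlate them with the installed Bricks Builder version (1.9.6 and earlier are affected) before escalating.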

Disclaimer

This tool is for educational and authorized security testing purposes only. Unauthorized exploitation of CVE-2024-25600 is illegal and unethical.

