rapid7 / metasploit-framework

Metasploit Framework
https://www.metasploit.com/

WordPress Plugin Bricks unauth RCE (CVE-2024-25600) #18867

Closed h00die closed 1 month ago

h00die commented 8 months ago

Summary

Unauth RCE in Bricks plugin for WordPress

Basic example

https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-themes/bricks/bricks-196-unauthenticated-remote-code-execution

https://snicco.io/vulnerability-disclosure/bricks/unauthenticated-rce-in-bricks-1-9-6

Motivation

unauth rce is best!

Chocapikk commented 8 months ago

@h00die https://github.com/Chocapikk/CVE-2024-25600 :D

Chocapikk commented 8 months ago

PR: https://github.com/rapid7/metasploit-framework/pull/18891

Chocapikk commented 1 month ago

Hey @h00die, you can close this one, there is an existing module now :)

h00die commented 1 month ago

awesome, thanks! In the future you can autolink a PR to an issue and when the PR lands, it will auto close the issue. See the docs.