https://github.com/so1icitx/cve-2024-25600
Unauthenticated RCE exploit for CVE-2024-25600 in WordPress Bricks Builder <= 1.9.6. Executes arbitrary code remotely.
- Host: GitHub
- URL: https://github.com/so1icitx/cve-2024-25600
- Owner: so1icitx
- License: mit
- Created: 2025-03-31T05:44:43.000Z (about 1 month ago)
- Default Branch: main
- Last Pushed: 2025-04-05T16:28:22.000Z (about 1 month ago)
- Last Synced: 2025-04-08T10:51:38.890Z (about 1 month ago)
- Topics: bricks-builder, bricksbuilder, cve-2024-25600, exploit, hacking, pentesting, python-3, python3, rce, rce-exploit, remote-code-execution, security-research, security-researcher, vulnerability, wordpress, wordpress-plugin
- Language: Python
- Size: 23.4 KB
- Stars: 8
- Watchers: 1
- Forks: 4
- Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE
README
# CVE-2024-25600 Exploit - WordPress Bricks Builder Remote Code Execution (RCE)
An exploit script for **CVE-2024-25600**, a critical **unauthenticated Remote Code Execution (RCE)** vulnerability in the **Bricks Builder plugin** for **WordPress**. This tool detects the flaw, extracts the nonce, and provides an **interactive shell** for executing arbitrary commands on vulnerable targets. Tested on **Bricks Builder version 1.9.5**, it affects all versions up to and including **1.9.6**. This **security flaw** allows attackers to remotely inject and execute **malicious PHP code** without authentication, potentially leading to **full site compromise**, **data theft**, or **malware distribution**.
## Author
- **so1icitx**
## Features
- Tests **WordPress** sites for **CVE-2024-25600** vulnerability by fetching the nonce and verifying **RCE** capability.
- Supports single URL and bulk scanning from a file for **vulnerable Bricks Builder** instances.
- Launches an **interactive shell** for **remote command execution** on confirmed targets.
- Multi-threaded scanning (100 threads) for efficient **vulnerability detection**.
- Verbose mode for detailed output during **exploit attempts**.
- Saves **vulnerable URLs** to an output file for further analysis.
## Prerequisites
- **Python 3.6+**
- Required packages:
```bash
pip install requests beautifulsoup4 prompt_toolkit
```
## Usage
```bash
python3 exploit.py -u [options]
```
### Options
- `-u, --url`: Target **WordPress** URL (e.g., `http://example.com`) - required for single scan.
- `-l, --list`: Path to a file with a list of URLs for bulk **RCE scanning** (optional).
- `-o, --output`: File to save **vulnerable WordPress URLs** (optional).
### Examples
- Basic **RCE exploit**:
```bash
python3 exploit.py -u http://10.10.10.10
```
- Bulk **vulnerability scanning**:
```bash
python3 exploit.py -l targets.txt -o vulnerable.txt
```
- **Interactive shell** (triggered on vulnerable targets):
```bash
# whoami
# exit
```
## Notes
- Targets must use the **Bricks Builder plugin** with the vulnerable `/wp-json/bricks/v1/render_element` endpoint.
- Exploits a flaw in user input handling, enabling **unauthenticated attackers** to execute **arbitrary PHP code**.
- Uses 100 threads for bulk scans; adjust `max_workers` in the script for performance tweaks.
- SSL verification is disabled to handle self-signed certificates on **WordPress sites**.
- Use responsibly on authorized systems only to avoid **site compromise** or **malware risks**.
- Contact me at `[email protected]` for support or issues!
## Disclaimer
This tool is for **educational** and **authorized security testing** purposes only. Unauthorized exploitation of **CVE-2024-25600** is illegal and unethical.

---
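For defenders, the endpoint named in the Notes gives a concrete string to look for in web server access logs. The following is an added example, not part of this repository or its exploit script; it assumes Combined Log Format, and the function names and sample log lines are constructed for illustration.

```python
import re
from collections import Counter
from urllib.parse import unquote

# Route from the Notes; matched as a substring of the URL-decoded request
# target so encoded or query-string forms of the route also match.
ROUTE = "/bricks/v1/render_element"

# Combined Log Format: ip - user [time] "METHOD target PROTO" status size ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def find_render_element_hits(lines):
    """Return one dict per logged request that targeted the render_element route."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed or non-request lines
        target = unquote(m["target"]).lower()
        if ROUTE in target:
            hits.append({
                "ip": m["ip"], "time": m["time"], "method": m["method"],
                "status": int(m["status"]),
                # A POST answered with 200 is the case to triage first.
                "priority": m["method"] == "POST" and m["status"] == "200",
            })
    return hits

def hits_by_source(hits):
    """Count flagged requests per client IP to spot bulk scanning."""
    return Counter(h["ip"] for h in hits)

# Constructed sample log lines (documentation address ranges, not real traffic).
SAMPLE_LOG = [
    '203.0.113.7 - - [05/Apr/2025:10:00:01 +0000] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [05/Apr/2025:10:00:02 +0000] "POST /wp-json/bricks/v1/render_element HTTP/1.1" 200 312 "-" "python-requests/2.31.0"',
    '203.0.113.7 - - [05/Apr/2025:10:00:03 +0000] "POST /wp-json/bricks/v1/render_element HTTP/1.1" 200 298 "-" "python-requests/2.31.0"',
    '198.51.100.23 - - [05/Apr/2025:10:04:10 +0000] "POST /wp-json/bricks/v1/render_element HTTP/1.1" 403 98 "-" "curl/8.5.0"',
]

if __name__ == "__main__":
    for h in find_render_element_hits(SAMPLE_LOG):
        print(h)
    print(hits_by_source(find_render_element_hits(SAMPLE_LOG)))
```

Any priority hit on a site running Bricks Builder 1.9.6 or earlier warrants an incident review of that host, not just a block of the source address.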