Platform: wordpress
Component: bricks
Fixed in: 1.9.7
CVE-2024-2297 is a privilege escalation vulnerability affecting the Bricks WordPress theme. An authenticated attacker with contributor-level access or higher can exploit this flaw to execute arbitrary PHP code with administrator privileges. This vulnerability impacts versions of the Bricks theme up to and including 1.9.6.1, and a patch is available in version 1.9.7.
Successful exploitation of CVE-2024-2297 gives an attacker complete control over the WordPress site. By executing arbitrary PHP code with administrator privileges, an attacker can modify or delete content, install malicious plugins or themes, steal sensitive data (user credentials, database information), and potentially compromise the entire server. Exploitation depends on a specific configuration (the Builder enabled for posts, Builder access granted to contributors, and 'Code Execution' enabled for administrators), which limits the immediate impact but still presents a significant risk on sites where these settings are in place. This is particularly concerning because many WordPress sites use the Bricks theme for its extensive customization options.
CVE-2024-2297 was publicly disclosed on 2025-02-27. No public proof-of-concept (PoC) exploit has been released so far, but the nature of the vulnerability and its relatively straightforward exploitation path suggest a high probability of exploitation. It is not currently listed in the CISA KEV catalog. The configuration requirements (Builder enabled, contributor access, code execution enabled) may limit immediate widespread exploitation, but the potential impact warrants immediate attention.
Exploit Status:
EPSS: 0.19% (41st percentile)
CISA SSVC:
CVSS Vector:
The primary mitigation for CVE-2024-2297 is to immediately upgrade the Bricks WordPress theme to version 1.9.7 or later. If upgrading is not immediately feasible due to compatibility issues or breaking changes, consider temporarily disabling the Builder functionality for contributor-level users. Additionally, ensure that 'Code Execution' is disabled for administrator users within the Bricks settings. While not a complete solution, these steps can significantly reduce the attack surface. Monitor WordPress access logs for suspicious activity related to the create_autosave AJAX endpoint. After upgrading, confirm the fix by attempting to trigger the vulnerable AJAX function with a contributor account and verifying that the action is denied.
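As an added example, not taken from this advisory or from the Bricks project, the following Python script implements the log-monitoring step above. It parses web-server access-log lines in the common "combined" format, flags requests to admin-ajax.php whose action parameter mentions create_autosave, and counts POSTs to admin-ajax.php per client IP for triage. The sample log lines are constructed, and the exact Bricks action name is assumed only to contain the substring create_autosave (the advisory names the endpoint but not the full parameter value), so matching is done by substring.

```python
import re
from collections import Counter
from urllib.parse import parse_qs, urlsplit

# Constructed sample access-log lines (Apache/Nginx combined format); not real traffic.
SAMPLE_LOG = """\
203.0.113.10 - - [27/Feb/2025:10:01:12 +0000] "POST /wp-admin/admin-ajax.php?action=create_autosave HTTP/1.1" 200 512 "https://example.test/wp-admin/" "Mozilla/5.0"
203.0.113.10 - - [27/Feb/2025:10:01:15 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 88 "https://example.test/wp-admin/" "Mozilla/5.0"
198.51.100.7 - - [27/Feb/2025:10:02:01 +0000] "GET /wp-admin/admin-ajax.php?action=heartbeat HTTP/1.1" 200 41 "-" "Mozilla/5.0"
198.51.100.7 - - [27/Feb/2025:10:02:03 +0000] "GET /index.php HTTP/1.1" 200 4120 "-" "Mozilla/5.0"
"""

# Combined log format: ip ident user [timestamp] "METHOD path proto" status bytes "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)

# Substring assumed to appear in the Bricks autosave AJAX action name (assumption, see lead-in).
AUTOSAVE_MARKER = "create_autosave"


def parse_line(line):
    """Parse one combined-format log line into a dict, or return None if it does not match."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    rec = m.groupdict()
    url = urlsplit(rec["path"])
    rec["endpoint"] = url.path
    rec["query"] = parse_qs(url.query)
    return rec


def is_admin_ajax(rec):
    """True when the request targets WordPress's admin-ajax.php endpoint."""
    return rec["endpoint"].endswith("/admin-ajax.php")


def find_autosave_hits(log_text):
    """Return requests to admin-ajax.php whose query-string action mentions the autosave marker."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or not is_admin_ajax(rec):
            continue
        actions = rec["query"].get("action", [])
        if any(AUTOSAVE_MARKER in a for a in actions):
            hits.append({"ip": rec["ip"], "ts": rec["ts"], "status": rec["status"], "action": actions[0]})
    return hits


def ajax_post_counts(log_text):
    """Count POSTs to admin-ajax.php per client IP.

    Standard access logs do not record POST bodies, and the AJAX action is often sent in
    the body rather than the query string, so a per-client POST count is a useful fallback
    signal when the action parameter is not visible in the log line.
    """
    counts = Counter()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or not is_admin_ajax(rec) or rec["method"] != "POST":
            continue
        counts[rec["ip"]] += 1
    return counts


if __name__ == "__main__":
    for hit in find_autosave_hits(SAMPLE_LOG):
        print(f"[autosave action] {hit['ts']} {hit['ip']} status={hit['status']} action={hit['action']}")
    for ip, n in ajax_post_counts(SAMPLE_LOG).most_common():
        print(f"[admin-ajax POSTs] {ip}: {n}")
```

Because the action parameter usually travels in the POST body, a query-string match will miss most real traffic; to make this check reliable, enable request-body logging at the reverse proxy or WAF, or log the action server-side, and treat a burst of admin-ajax.php POSTs from a contributor account as a reason to inspect further.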
Update the Bricks theme to version 1.9.7 or later. This version fixes the privilege escalation vulnerability. Make sure you have a backup of your website before performing the update.
CVE-2024-2297 is a vulnerability in the Bricks WordPress theme allowing authenticated contributors to execute arbitrary PHP code with administrator privileges due to insufficient validation.
You are affected if you are using the Bricks WordPress theme version 1.9.6.1 or earlier, and have enabled Builder access for contributor-level users and 'Code Execution' for administrators.
Upgrade the Bricks WordPress theme to version 1.9.7 or later. Temporarily disable Builder access for contributors and 'Code Execution' for administrators as a workaround.
While no public exploits are currently available, the vulnerability's nature suggests a high probability of exploitation.
Refer to the official Bricks WordPress website and their changelog for updates and security advisories related to CVE-2024-2297.