Product
An unauthenticated Remote Code Execution (RCE) vulnerability (CVE-2024-25600) exists in the WordPress Bricks Builder Theme up to version 1.9.6, allowing attackers to exploit the 'render_element' endpoint by first extracting a nonce from the page source, then injecting PHP code to execute arbitrary operating system commands on the underlying web server, with a public exploit now available.