CVE-2024-25600

This repository contains a functional exploit for CVE-2024-25600, an unauthenticated remote code execution vulnerability in the Bricks Builder WordPress plugin. The exploit automates nonce retrieval and command execution via crafted JSON payloads targeting the `/wp-json/bricks/v1/render_element` endpoint.

This is a functional exploit for CVE-2024-25600, targeting WordPress Bricks Builder plugin versions up to 1.9.6. It achieves unauthenticated remote code execution by injecting PHP code via the `render_element` REST API endpoint.

This repository provides a Nuclei template and PoC for CVE-2024-25600, an unauthenticated RCE vulnerability in the Bricks theme for WordPress. The PoC demonstrates how to execute arbitrary code via a crafted JSON payload to the `render_element` endpoint.

This is a functional exploit for CVE-2024-25600, targeting an unauthenticated RCE vulnerability in Bricks Builder (WordPress) <= 1.9.6 via the render_element endpoint. It includes nonce extraction, command execution, and an interactive shell.

This repository contains a functional exploit for CVE-2024-25600, an unauthenticated RCE vulnerability in the Bricks Builder WordPress plugin. The exploit automates nonce retrieval and command execution via crafted JSON payloads to the `/wp-json/bricks/v1/render_element` endpoint.

The repository contains detailed technical writeups for multiple CVEs, including CVE-2024-25600, with descriptions, PoC examples, and mitigation recommendations. It does not include functional exploit code but provides in-depth analysis and references to external PoCs.

This repository contains a functional exploit for CVE-2024-25600, targeting a vulnerability in the Bricks Builder WordPress plugin. The exploit leverages a command injection flaw in the plugin's render_element endpoint to achieve remote code execution (RCE).

This is a functional exploit for CVE-2024-25600, targeting a WordPress Bricks Builder RCE vulnerability. It fetches a nonce, crafts a malicious payload, and checks for successful exploitation by detecting a specific string in the response.

This repository contains a functional Python exploit for CVE-2024-25600, an unauthenticated remote code execution vulnerability in WordPress Bricks Builder <= 1.9.6. The exploit fetches a nonce, confirms vulnerability via a test payload, and provides an interactive shell by injecting commands through the render endpoint.

This repository contains a Python-based exploit for CVE-2024-25600, targeting WordPress Bricks Builder theme versions ≤ 1.9.6. It provides an interactive shell with file transfer capabilities and multiple payload types for unauthenticated RCE.

This is a functional Python exploit for CVE-2024-25600, targeting a WordPress Bricks Builder plugin vulnerability that allows unauthenticated remote code execution via improper input handling in the `render_element` function. It includes automated nonce extraction and an interactive shell for command execution.

This is a technical walkthrough of exploiting CVE-2024-25600, a WordPress Bricks theme RCE vulnerability. It includes enumeration steps, exploitation using an external PoC, and post-exploitation commands.

This repository contains a Python-based exploit for CVE-2024-25600, targeting a Remote Code Execution (RCE) vulnerability in the Bricks Builder WordPress plugin. The exploit automates nonce extraction, payload injection, and command execution via a vulnerable REST API endpoint, with additional analysis tools for parsing results and IP geolocation.

This is a functional exploit for CVE-2024-25600, targeting WordPress Bricks Builder. It fetches a nonce, verifies vulnerability, and provides an interactive shell for RCE via PHP code injection.

This repository contains a Python-based vulnerability scanner for detecting CVE-2024-25600 in the Bricks Builder WordPress plugin. It uses asynchronous requests to fetch nonces and test for vulnerability, with an interactive shell for further analysis.

This repository contains a functional Python exploit for CVE-2024-25600, an unauthenticated RCE vulnerability in WordPress Bricks Builder <= 1.9.6. The exploit leverages the `render_element` endpoint to execute arbitrary commands via a crafted JSON payload.

This repository contains a functional exploit for CVE-2024-25600, targeting a vulnerability in the Bricks theme for WordPress. The exploit leverages a REST API endpoint to achieve remote code execution (RCE) by injecting malicious payloads into query settings.

This repository contains a functional exploit for CVE-2024-25600, an unauthenticated RCE vulnerability in the Bricks WordPress theme. The exploit leverages the `render_element` endpoint to inject malicious PHP code via crafted JSON payloads, achieving command execution.

This repository contains a functional exploit for CVE-2024-25600, an unauthenticated RCE vulnerability in the Bricks theme for WordPress. The exploit leverages the `wp-json/bricks/v1/render_element` endpoint to inject malicious PHP code via the `queryEditor` parameter, achieving remote command execution.

This is a functional exploit for CVE-2024-25600, an unauthenticated RCE vulnerability in the Bricks theme for WordPress. It leverages the `render_element` endpoint to execute arbitrary commands via crafted JSON payloads.

This repository contains a functional exploit for CVE-2024-25600, an unauthenticated RCE vulnerability in the Bricks Builder WordPress plugin. The exploit automates nonce retrieval and command execution via crafted JSON payloads to the `/wp-json/bricks/v1/render_element` endpoint.

This is a functional exploit PoC for CVE-2024-25600, targeting a remote code execution (RCE) vulnerability in the WordPress Bricks Builder plugin. The script automates the exploitation process by extracting a nonce value and sending crafted payloads to trigger command execution.

This PoC exploits CVE-2024-25600, a vulnerability in the Bricks theme for WordPress, allowing unauthenticated remote code execution via the `render_element` REST API endpoint. It retrieves a nonce, crafts a malicious payload, and verifies execution by checking for a specific string in the response.

This is a functional exploit for CVE-2024-25600, targeting the Bricks theme for WordPress. It leverages an authentication bypass and RCE via a crafted JSON payload to the Bricks REST API endpoint.

This repository contains a functional Python exploit for CVE-2024-25600, targeting a vulnerability in the Bricks theme for WordPress. The exploit retrieves a nonce from the target site and sends a crafted POST request to execute arbitrary PHP code via the 'render_element' endpoint.

This Metasploit module exploits an unauthenticated RCE vulnerability in the Bricks Builder Theme for WordPress by leaking a nonce and abusing an eval() function to execute arbitrary PHP code.