CVE-2024-2297

7.1 HIGH

📋 TL;DR

The Bricks WordPress theme has a privilege escalation vulnerability that allows authenticated attackers with contributor-level access to execute arbitrary PHP code with administrator privileges. This affects all Bricks theme versions up to and including 1.9.6.1 when specific configuration settings are enabled. Successful exploitation requires that the Bricks Builder is enabled for posts, that contributors have access to the builder, and that code execution is enabled for administrators.

💻 Affected Systems

Products:
  • Bricks WordPress Theme
Versions: All versions up to and including 1.9.6.1
Operating Systems: Any OS running WordPress
Default Config Vulnerable: ✅ No
Notes: Requires three specific configuration settings to be enabled: Bricks Builder for posts, builder access for contributors, and code execution for administrators.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete site takeover with administrator privileges leading to data theft, malware injection, defacement, or server compromise.

🟠 Likely Case

Unauthorized content modification, plugin/theme installation, or backdoor creation by malicious contributors.

🟢 If Mitigated

Limited impact if proper access controls and configuration hardening are implemented.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires authenticated contributor access and specific configuration settings. No public exploit code available at time of analysis.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.9.7

Vendor Advisory: https://bricksbuilder.io/release/bricks-1-9-7/

Restart Required: No

Instructions:

1. Log into the WordPress admin panel.
2. Navigate to Appearance > Themes.
3. Update the Bricks theme to version 1.9.7 or later.
4. Verify that the update completed successfully.

🔧 Temporary Workarounds

Disable Contributor Builder Access

all

Remove builder access for contributor-level users in Bricks settings

Disable Administrator Code Execution

all

Turn off code execution capability for administrators in Bricks settings

🧯 If You Can't Patch

  • Disable Bricks Builder for all posts temporarily
  • Revoke contributor-level user accounts or downgrade to subscriber role

🔍 How to Verify

Check if Vulnerable:

Check Bricks theme version in WordPress admin under Appearance > Themes. If version is 1.9.6.1 or earlier, the system is vulnerable.

Check Version:

WordPress admin panel: Appearance > Themes, or check the Version header in /wp-content/themes/bricks/style.css

Verify Fix Applied:

Confirm Bricks theme version is 1.9.7 or later in WordPress admin panel.

📡 Detection & Monitoring

Log Indicators:

  • Unusual admin-ajax requests invoking the create_autosave action
  • PHP code execution attempts in theme files
  • Unauthorized privilege escalation events

Network Indicators:

  • Suspicious POST requests to /wp-admin/admin-ajax.php with create_autosave action

SIEM Query:

source="wordpress" AND (action="create_autosave" OR (user_role="contributor" AND event="privilege_escalation"))
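The version check from "How to Verify" and the access-log indicator above, as an added Python helper (not part of this advisory or of the Bricks project). It parses the style.css Version header and compares it as a tuple so the four-part 1.9.6.1 sorts correctly against 1.9.7, and it flags POSTs to admin-ajax.php whose query string names the create_autosave action. The log lines, IP addresses and the post_id parameter are constructed sample data; a standard access log only shows the action when it is in the query string, so form-body submissions need request-body logging to be seen this way.

```python
import re

PATCHED = (1, 9, 7)  # first fixed Bricks release per this advisory

def parse_version(style_css):
    """Extract the 'Version:' header of a theme style.css as an int tuple."""
    m = re.search(r"^[\s*]*Version:\s*([\d.]+)", style_css, re.MULTILINE)
    return tuple(int(p) for p in m.group(1).strip(".").split(".")) if m else None

def is_vulnerable(style_css):
    """True for any version below 1.9.7 (so 1.9.6.1 and earlier). Tuple comparison
    orders 1.9.6.1 < 1.9.7 < 1.9.10; a plain string compare would misrank 1.9.10."""
    v = parse_version(style_css)
    if v is None:
        raise ValueError("no Version header found in style.css")
    return v < PATCHED

# Combined-format access log line. The action is only visible here when it is
# sent in the query string; body-only submissions require request-body logging.
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})')
AUTOSAVE_RE = re.compile(r"[?&]action=create_autosave(?:&|$)")

def find_autosave_requests(lines):
    """Return (ip, timestamp, path) for POSTs to admin-ajax.php that name
    the create_autosave action in the query string."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m.group("method") != "POST":
            continue
        path = m.group("path")
        if path.startswith("/wp-admin/admin-ajax.php") and AUTOSAVE_RE.search(path):
            hits.append((m.group("ip"), m.group("ts"), path))
    return hits

# Constructed sample lines (RFC 5737 documentation addresses), not real traffic.
SAMPLE_LOG = [
    '203.0.113.5 - - [01/Mar/2024:10:00:01 +0000] "POST /wp-admin/admin-ajax.php?action=create_autosave HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [01/Mar/2024:10:00:07 +0000] "POST /wp-admin/admin-ajax.php?action=create_autosave&post_id=42 HTTP/1.1" 200 498 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [01/Mar/2024:10:01:00 +0000] "GET /wp-admin/admin-ajax.php?action=create_autosave HTTP/1.1" 400 12 "-" "curl/8.4"',
    '198.51.100.9 - - [01/Mar/2024:10:01:30 +0000] "POST /wp-admin/admin-ajax.php?action=heartbeat HTTP/1.1" 200 64 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [01/Mar/2024:10:02:00 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 128 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    print(is_vulnerable("Theme Name: Bricks\nVersion: 1.9.6.1"))
    for hit in find_autosave_requests(SAMPLE_LOG):
        print(hit)
```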
