{"id":1157456,"date":"2024-02-20T09:00:28","date_gmt":"2024-02-20T11:00:28","guid":{"rendered":"https:\/\/teknomers.com\/fr\/theme-wordpress-bricks-sous-attaque-active-une-faille-critique-affecte-plus-de-25-000-sites\/"},"modified":"2024-02-20T09:00:36","modified_gmt":"2024-02-20T11:00:36","slug":"theme-wordpress-bricks-sous-attaque-active-une-faille-critique-affecte-plus-de-25-000-sites","status":"publish","type":"post","link":"https:\/\/teknomers.com\/fr\/theme-wordpress-bricks-sous-attaque-active-une-faille-critique-affecte-plus-de-25-000-sites\/","title":{"rendered":"WordPress Bricks Theme Under Active Attack: Critical Flaw Affects More Than 25,000 Sites"},"content":{"rendered":"<div>\n<p><span class=\"p-author\"><span class=\"author\">20 February 2024<\/span><span class=\"author\">Editorial staff<\/span><\/span><span class=\"p-tags\">Website Security \/ PHP Code<\/span><\/p>\n<\/div>\n<div id=\"articlebody\">\n<p>A critical security flaw in the Bricks theme for WordPress is being actively exploited by threat actors to execute arbitrary PHP code on susceptible installations.<\/p>\n<p>The flaw, tracked as CVE-2024-25600 (CVSS score: 9.8), allows unauthenticated attackers to execute code remotely. 
It affects all versions of Bricks up to and including 1.9.6.<\/p>\n<p>The theme developers addressed it in <a rel=\"nofollow noopener\" href=\"https:\/\/bricksbuilder.io\/release\/bricks-1-9-6-1\/\" target=\"_blank\">version 1.9.6.1<\/a>, released on 13 February 2024, only days after the WordPress security vendor Snicco reported the flaw on 10 February.<\/p>\n<p>Although no proof-of-concept (PoC) exploit has been published, technical details have been <a rel=\"nofollow noopener\" href=\"https:\/\/snicco.io\/vulnerability-disclosure\/bricks\/unauthenticated-rce-in-bricks-1-9-6\" target=\"_blank\">released<\/a> by Snicco and Patchstack, who note that the underlying vulnerable code lives in the prepare_query_vars_from_settings() function.<\/p>\n<p>Specifically, the issue concerns the use of security tokens called \u201cnonces\u201d to verify permissions; because the check stops at the nonce, a caller holding it can pass arbitrary commands for execution, allowing a threat actor to take control of a targeted site.<\/p>\n<p>The nonce value is publicly available on the frontend of a WordPress site, Patchstack <a rel=\"nofollow noopener\" href=\"https:\/\/patchstack.com\/articles\/critical-rce-patched-in-bricks-builder-theme\/\" target=\"_blank\">says<\/a>, adding that no adequate role check is enforced.<\/p>\n
<p>\u201cNonces should never be relied on for authentication, authorization, or access control,\u201d WordPress <a rel=\"nofollow noopener\" href=\"https:\/\/developer.wordpress.org\/apis\/security\/nonces\/\" target=\"_blank\">cautions<\/a> in its documentation. \u201cProtect your functions using current_user_can() and always assume nonces can be compromised.\u201d<\/p>\n<p>WordPress security company Wordfence <a rel=\"nofollow noopener\" href=\"https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/wordpress-themes\/bricks\/bricks-196-unauthenticated-remote-code-execution\" target=\"_blank\">says<\/a> it has detected more than three dozen attack attempts exploiting the flaw as of 19 February 2024. Exploitation attempts are reported to have begun on 14 February, one day after public disclosure.<\/p>\n<p>The majority of the attacks originate from the following IP addresses:<\/p>\n<ul>\n<li>200.251.23[.]57<\/li>\n<li>92.118.170[.]216<\/li>\n<li>103.187.5[.]128<\/li>\n<li>149.202.55[.]79<\/li>\n<li>5.252.118[.]211<\/li>\n<li>91.108.240[.]52<\/li>\n<\/ul>\n<p>Bricks is estimated to have around 25,000 currently active installations. Users of the theme are advised to apply the latest patches to mitigate potential threats.<\/p>\n<p>Source: <a href=\"https:\/\/thehackernews.com\/2024\/02\/wordpress-bricks-theme-under-active.html\" rel=\"nofollow noopener\" target=\"_blank\">The Hacker News<\/a><\/p>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>20 February 2024 Editorial staff Website Security \/ PHP Code A critical security flaw in the Bricks theme for WordPress is being actively exploited by threat actors to execute arbitrary PHP code on susceptible installations. 
The flaw, tracked as CVE-2024-25600 (CVSS score: 9.8), allows unauthenticated attackers to execute code [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":1157457,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6],"tags":[9261,200292,1132,1933,230861,4168,22,4165,4161,200267,9048,4159,4171,200271,200268,200269,200270,128318,4172,4169,2783,367,12465,196,4166,4164,51600],"class_list":["post-1157456","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-technologie","tag-active","tag-actualites-sur-la-cybersecurite","tag-affecte","tag-attaque","tag-bricks","tag-comment-pirater","tag-critique","tag-cyber-attaques","tag-cyber-mises-a-jour","tag-cyberactualites","tag-faille","tag-lactualite-de-la-cybersecurite-aujourdhui","tag-lactualite-des-hackers","tag-logiciel-malveillant-rancongiciel","tag-mises-a-jour-sur-la-cybersecurite","tag-nouvelles-des-pirates","tag-nouvelles-sur-le-piratage","tag-securite-des-informations","tag-securite-informatique","tag-securite-internet","tag-sites","tag-sous","tag-theme","tag-une","tag-violation-de-donnees","tag-vulnerabilite-logicielle","tag-wordpress"],"_links":{"self":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts\/1157456","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/comments?post=1157456"}],"version-history":[{"count":0,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts\/1157456\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/media\/1157457"}],"wp:attachment":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/media?parent=1157456"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/categories?post=1157456"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/tags?post=1157456"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
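The pattern the article describes (a REST route whose only gate is a nonce that the public frontend hands out) next to the form the WordPress documentation asks for (nonce for CSRF, current_user_can() for authorization), as an added example that is not Bricks' code and not part of the original article. The `acme/v1` namespace, the `edit_posts` capability and the `acme_render_element_from_settings()` renderer are assumptions made for illustration; the vulnerable route mirrors the nonce-only check as the article describes it, not Bricks' actual implementation.

```php
<?php
// Added illustrative example (not Bricks' code, not from the article): the
// same route registered twice, first with a nonce-only permission check, then
// hardened with current_user_can(). 'acme/v1', 'edit_posts' and
// acme_render_element_from_settings() are assumptions for this example.

add_action( 'rest_api_init', function () {

    // VULNERABLE: only the nonce is checked. The 'wp_rest' nonce is routinely
    // printed into public pages (wp_create_nonce() via wp_localize_script()),
    // and a nonce minted for an anonymous visitor verifies for an anonymous
    // caller, so anyone can read it from the HTML and replay it here.
    register_rest_route( 'acme/v1', '/render-unsafe', array(
        'methods'             => 'POST',
        'callback'            => 'acme_render_callback',
        'permission_callback' => function ( WP_REST_Request $request ) {
            return (bool) wp_verify_nonce( (string) $request->get_header( 'X-WP-Nonce' ), 'wp_rest' );
        },
    ) );

    // HARDENED: the nonce stays as CSRF protection, but the decision to allow
    // the call rests on the user's capability. With cookie authentication,
    // core attaches a logged-in user to the request only when a valid
    // 'wp_rest' nonce is present; an anonymous caller has no capabilities,
    // so current_user_can() returns false and the route answers 403.
    register_rest_route( 'acme/v1', '/render', array(
        'methods'             => 'POST',
        'callback'            => 'acme_render_callback',
        'permission_callback' => function ( WP_REST_Request $request ) {
            if ( ! wp_verify_nonce( (string) $request->get_header( 'X-WP-Nonce' ), 'wp_rest' ) ) {
                return new WP_Error( 'rest_nonce_invalid', 'Invalid or missing nonce.', array( 'status' => 403 ) );
            }
            if ( ! current_user_can( 'edit_posts' ) ) { // assumed capability for this example
                return new WP_Error( 'rest_forbidden', 'Insufficient permissions.', array( 'status' => 403 ) );
            }
            return true;
        },
        'args' => array(
            'settings' => array(
                'required'          => true,
                'validate_callback' => function ( $value ) {
                    return is_array( $value );
                },
            ),
        ),
    ) );
} );

// Shared handler: settings are treated strictly as data. Nothing taken from
// the request is ever passed to eval() or otherwise executed.
function acme_render_callback( WP_REST_Request $request ) {
    $settings = (array) $request->get_param( 'settings' );
    return rest_ensure_response( array(
        'html' => acme_render_element_from_settings( $settings ),
    ) );
}

// Hypothetical renderer: honours an allow-list of two keys, sanitises each,
// and drops everything else the caller sent.
function acme_render_element_from_settings( array $settings ) {
    $post_type = isset( $settings['post_type'] ) ? sanitize_key( $settings['post_type'] ) : 'post';
    $per_page  = isset( $settings['posts_per_page'] ) ? (int) $settings['posts_per_page'] : 5;
    $per_page  = max( 1, min( 50, $per_page ) );

    $type_obj = get_post_type_object( $post_type );
    if ( ! $type_obj || ! $type_obj->public ) {
        return ''; // unknown or non-public post type: render nothing
    }

    $query = new WP_Query( array(
        'post_type'      => $post_type,
        'post_status'    => 'publish',
        'posts_per_page' => $per_page,
        'no_found_rows'  => true,
    ) );

    $html = '<ul>';
    foreach ( $query->posts as $post ) {
        $html .= '<li>' . esc_html( get_the_title( $post ) ) . '</li>';
    }
    return $html . '</ul>';
}
```

On a test site, an anonymous POST carrying a `wp_rest` nonce scraped from a public page succeeds against `/acme/v1/render-unsafe` and receives 403 from `/acme/v1/render`; a logged-in user with `edit_posts` and the same nonce succeeds on both. The capability check is what separates the two, and the allow-listed renderer is what keeps caller-supplied settings from ever reaching code execution, which is the second half of what a fix for this class of bug needs.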