alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET EXPLOIT CVE-2024-25600 Bricks Exploitation Attempt"; flow:established,to_server; http.request_line; content:"POST|20 2f|wp|2d|json|2f|bricks|2f|v1|2f|render|5f|element|20|"; fast_pattern; http.request_body; content:"postId"; content:"nonce"; content:"useQueryEditor"; content:"queryEditor"; reference:url,github.com/Chocapikk/CVE-2024-25600/; reference:cve,2024-25600; classtype:misc-attack; sid:2051020; rev:2; metadata:affected_product Wordpress_Plugins, attack_target Client_Endpoint, tls_state TLSEncrypt, created_at 2024_02_21, cve CVE_2024_25600, deployment Perimeter, deployment SSLDecrypt, confidence Medium, signature_severity Major, tag Wordpress, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2024_02_22, reviewed_at 2024_11_06;)