All Thrive Themes Legacy Themes < 2.0.0 - Unauthenticated Arbitrary File Upload and Option Deletion
CVE-2021-24220

9.1CRITICAL

Key Information:

Vendor: Wordpress
Status: Rise By Thrive Themes; Luxe By Thrive Themes; Minus By Thrive Themes; Ignition By Thrive Themes
Vendor: CVE Published:; 12 April 2021

Summary

Thrive “Legacy” Rise by Thrive Themes WordPress theme before 2.0.0, Luxe by Thrive Themes WordPress theme before 2.0.0, Minus by Thrive Themes WordPress theme before 2.0.0, Ignition by Thrive Themes WordPress theme before 2.0.0, FocusBlog by Thrive Themes WordPress theme before 2.0.0, Squared by Thrive Themes WordPress theme before 2.0.0, Voice WordPress theme before 2.0.0, Performag by Thrive Themes WordPress theme before 2.0.0, Pressive by Thrive Themes WordPress theme before 2.0.0, Storied by Thrive Themes WordPress theme before 2.0.0 register a REST API endpoint to compress images using the Kraken image optimization engine. By supplying a crafted request in combination with data inserted using the Option Update vulnerability, it was possible to use this endpoint to retrieve malicious code from a remote URL and overwrite an existing file on the site with it or create a new file.This includes executable PHP files that contain malicious code.

Affected Version(s)

FocusBlog by Thrive Themes 2.0.0

Ignition by Thrive Themes 2.0.0

Luxe by Thrive Themes 2.0.0

References

https://www.wordfence.com/blog/2021/03/recently-patched-v...

x_refsource_MISC

https://wpscan.com/vulnerability/a2424354-2639-4f53-a24f-...

x_refsource_CONFIRM

CVSS V3.1

Score:

9.1

Severity:

CRITICAL

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 12, 2021
Vulnerability Reserved
Jan 14, 2021