CVE-2021-24220
Published: Apr 12, 2021
Modified: Aug 3, 2024
Description
Thrive “Legacy” Rise by Thrive Themes WordPress theme before 2.0.0, Luxe by Thrive Themes WordPress theme before 2.0.0, Minus by Thrive Themes WordPress theme before 2.0.0, Ignition by Thrive Themes WordPress theme before 2.0.0, FocusBlog by Thrive Themes WordPress theme before 2.0.0, Squared by Thrive Themes WordPress theme before 2.0.0, Voice WordPress theme before 2.0.0, Performag by Thrive Themes WordPress theme before 2.0.0, Pressive by Thrive Themes WordPress theme before 2.0.0, Storied by Thrive Themes WordPress theme before 2.0.0 register a REST API endpoint to compress images using the Kraken image optimization engine. By supplying a crafted request in combination with data inserted using the Option Update vulnerability, it was possible to use this endpoint to retrieve malicious code from a remote URL and overwrite an existing file on the site with it or create a new file.This includes executable PHP files that contain malicious code.
| Vendor | Product | Versions |
|---|---|---|
Thrive Themes | Rise by Thrive Themes | affected 2.0.0 - < 2.0.0 |
Thrive Themes | Luxe by Thrive Themes | affected 2.0.0 - < 2.0.0 |
Thrive Themes | Minus by Thrive Themes | affected 2.0.0 - < 2.0.0 |
Thrive Themes | Ignition by Thrive Themes | affected 2.0.0 - < 2.0.0 |
Thrive Themes | FocusBlog by Thrive Themes | affected 2.0.0 - < 2.0.0 |
Thrive Themes | Squared by Thrive Themes | affected 2.0.0 - < 2.0.0 |
Thrive Themes | Voice | affected 2.0.0 - < 2.0.0 |
Thrive Themes | Performag by Thrive Themes | affected 2.0.0 - < 2.0.0 |
Thrive Themes | Pressive by Thrive Themes | affected 2.0.0 - < 2.0.0 |
Thrive Themes | Storied by Thrive Themes | affected 2.0.0 - < 2.0.0 |
Weaknesses (CWE)
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now