PT-2021-15763 · Thrive Themes · Thrive Leads+20

Charles Sweethill, +2

Published 2021-04-12 · Updated 2025-09-29

CVE-2021-24219

CVSS v3.1: 5.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions (every version prior to the listed fixed release is affected):

Plugins
  Thrive Optimize             fixed in 1.4.13.3
  Thrive Comments             fixed in 1.4.15.3
  Thrive Headline Optimizer   fixed in 1.3.7.3
  Thrive Leads                fixed in 2.3.9.4
  Thrive Ultimatum            fixed in 2.3.9.4
  Thrive Quiz Builder         fixed in 2.3.9.4
  Thrive Apprentice           fixed in 2.3.9.4
  Thrive Visual Editor        fixed in 2.6.7.4
  Thrive Dashboard            fixed in 2.3.9.3
  Thrive Ovation              fixed in 2.4.5
  Thrive Clever Widgets       fixed in 1.57.1

Themes
  Rise, Ignition, Luxe, FocusBlog, Minus, Squared, Voice, Performag, Pressive, Storied (by Thrive Themes)   fixed in 2.0.0
  Thrive Theme Builder        fixed in 2.2.4

Description: The affected plugins and themes register a REST API endpoint tied to their Zapier integration. The endpoint was meant to be reachable only with a valid API key, but in vulnerable versions the check could be bypassed by sending an empty api_key parameter whenever the Zapier integration had not been enabled on the site. An unauthenticated attacker (hence PR:N in the vector) could then call the endpoint and write arbitrary data into a single, predefined option in the wp_options table. The attacker cannot choose which option is written, which is why the impact is scored as Integrity: Low rather than as arbitrary option tampering. Note the precondition: as described, sites that had Zapier enabled, and therefore a real key configured, were not exposed through this empty-key path.

Recommendations: Update every installed Thrive plugin and theme to the fixed version listed above or later. The advisory gives a separate fixed version for each component, so check and update each one that is present on the site, not only the first that appears in the list.
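The check a practitioner would want after reading the recommendations is a way to tell, across all 22 components, which installed ones are still below the fixed version. The script below is an added example for this page, not Thrive Themes' or the advisory authors' code. It consumes the JSON that WP-CLI emits for `wp plugin list --fields=name,title,version --format=json` and the equivalent `wp theme list` call, and compares each component against the fixed versions stated above. Matching is on the human-readable `title` field because the page gives product names rather than plugin slugs (an assumption; the slugs in the constructed sample are placeholders), so a site whose components are titled differently will need a local alias table.

```python
"""Audit installed Thrive Themes components against the fixed versions in
this advisory (CVE-2021-24219).

Added example for this page, not vendor code. Input is the JSON emitted by
    wp plugin list --fields=name,title,version --format=json
    wp theme  list --fields=name,title,version --format=json
Components are matched on the `title` field (assumption: the page lists
product names, not slugs); the slugs in the sample below are placeholders.
"""
import json
import re

# Fixed-in versions taken from the advisory; any older version is vulnerable.
FIXED_IN = {
    "Thrive Optimize": "1.4.13.3",
    "Thrive Comments": "1.4.15.3",
    "Thrive Headline Optimizer": "1.3.7.3",
    "Thrive Leads": "2.3.9.4",
    "Thrive Ultimatum": "2.3.9.4",
    "Thrive Quiz Builder": "2.3.9.4",
    "Thrive Apprentice": "2.3.9.4",
    "Thrive Visual Editor": "2.6.7.4",
    "Thrive Dashboard": "2.3.9.3",
    "Thrive Ovation": "2.4.5",
    "Thrive Clever Widgets": "1.57.1",
    "Rise": "2.0.0",
    "Ignition": "2.0.0",
    "Luxe": "2.0.0",
    "FocusBlog": "2.0.0",
    "Minus": "2.0.0",
    "Squared": "2.0.0",
    "Voice": "2.0.0",
    "Performag": "2.0.0",
    "Pressive": "2.0.0",
    "Storied": "2.0.0",
    "Thrive Theme Builder": "2.2.4",
}


def parse_version(text):
    """'2.3.9.4' -> (2, 3, 9, 4). Each dotted component is read up to its
    leading digits and parsing stops at the first component with none, so
    '2.0.0-beta' becomes (2, 0, 0). That treats a pre-release of the fixed
    version as fixed; tighten this if your site runs pre-release builds."""
    parts = []
    for piece in text.strip().split("."):
        m = re.match(r"\d+", piece)
        if not m:
            break
        parts.append(int(m.group()))
    return tuple(parts)


def version_lt(installed, fixed):
    """True if `installed` is strictly older than `fixed`. Shorter tuples are
    zero-padded so that '2.0' compares equal to '2.0.0' instead of below it."""
    a, b = parse_version(installed), parse_version(fixed)
    width = max(len(a), len(b))
    a += (0,) * (width - len(a))
    b += (0,) * (width - len(b))
    return a < b


def audit(components):
    """components: list of dicts carrying at least 'title' and 'version'.
    Returns [(title, installed_version, fixed_in), ...] for each vulnerable
    component, in input order. Unknown titles are ignored."""
    findings = []
    for comp in components:
        fixed = FIXED_IN.get(comp.get("title", "").strip())
        if fixed is not None and version_lt(comp.get("version", "0"), fixed):
            findings.append((comp["title"], comp["version"], fixed))
    return findings


def audit_wp_cli_json(text):
    """Parse raw WP-CLI JSON output and audit it."""
    return audit(json.loads(text))


# Constructed sample in the shape of WP-CLI output; slugs are placeholders.
SAMPLE_WP_CLI_JSON = """[
  {"name": "thrive-leads",          "title": "Thrive Leads",          "version": "2.3.9.3"},
  {"name": "thrive-dashboard",      "title": "Thrive Dashboard",      "version": "2.3.9.3"},
  {"name": "thrive-clever-widgets", "title": "Thrive Clever Widgets", "version": "1.57"},
  {"name": "rise",                  "title": "Rise",                  "version": "1.9.12"},
  {"name": "akismet",               "title": "Akismet Anti-spam",     "version": "4.1.9"}
]"""

if __name__ == "__main__":
    for title, installed, fixed in audit_wp_cli_json(SAMPLE_WP_CLI_JSON):
        print(f"VULNERABLE  {title}: installed {installed}, update to {fixed} or later")
```

On the sample, Thrive Dashboard at exactly 2.3.9.3 is reported clean, Thrive Clever Widgets at "1.57" is flagged because the padded comparison puts it below 1.57.1, and the unrelated Akismet entry is skipped. Pipe real WP-CLI output into `audit_wp_cli_json` to run it against a live site.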

Weakness Enumeration

Improper Access Control
Missing Authentication

Related Identifiers

CVE-2021-24219

Affected Products

FocusBlog
Ignition
Luxe
Minus
Performag
Pressive
Rise
Squared
Storied
Thrive Apprentice
Thrive Clever Widgets
Thrive Comments
Thrive Dashboard
Thrive Headline Optimizer
Thrive Leads
Thrive Optimize
Thrive Ovation
Thrive Quiz Builder
Thrive Theme Builder
Thrive Ultimatum
Thrive Visual Editor
Voice