PT-2021-15764 · Thrive Themes · Ignition+8
Author: Charles Sweethill
Published: 2021-04-12 · Updated: 2025-10-23
CVE-2021-24220
CVSS v3.1: 9.1 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
Name of the Vulnerable Software and Affected Versions:
Thrive “Legacy” Rise by Thrive Themes WordPress theme versions prior to 2.0.0
Luxe by Thrive Themes WordPress theme versions prior to 2.0.0
Minus by Thrive Themes WordPress theme versions prior to 2.0.0
Ignition by Thrive Themes WordPress theme versions prior to 2.0.0
FocusBlog by Thrive Themes WordPress theme versions prior to 2.0.0
Squared by Thrive Themes WordPress theme versions prior to 2.0.0
Voice WordPress theme versions prior to 2.0.0
Performag by Thrive Themes WordPress theme versions prior to 2.0.0
Pressive by Thrive Themes WordPress theme versions prior to 2.0.0
Storied by Thrive Themes WordPress theme versions prior to 2.0.0
Description:
The issue allows an attacker to send a crafted request to a REST API endpoint that is used to compress images with the Kraken image optimization engine. Combined with data inserted through the Option Update vulnerability, this can be used to retrieve malicious code from a remote URL and overwrite an existing file on the site or create a new one, including executable PHP files containing malicious code.
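As an added hardening example (not code from Thrive Themes or from this advisory), this is the shape a defender would expect of an image-optimization REST route of the kind described: the route requires a capability through permission_callback, the optimized image is fetched only from the optimizer's own host, the response body is verified to be the declared image type, and the file is written only inside the uploads directory under a non-executable image extension. The namespace, route, parameter names and optimizer host are assumptions.

```php
<?php
// Added hardening example, not the theme's code. The namespace, route, parameter
// names and the optimizer host below are placeholders (assumptions).
add_action( 'rest_api_init', function () {
    register_rest_route( 'example-theme/v1', '/optimized-image', array(
        'methods'             => 'POST',
        'callback'            => 'example_store_optimized_image',
        // Reject unauthenticated callers before the callback runs.
        'permission_callback' => function () {
            return current_user_can( 'upload_files' );
        },
        'args' => array(
            'url'      => array( 'required' => true,
                'validate_callback' => function ( $v ) { return (bool) wp_http_validate_url( $v ); } ),
            'filename' => array( 'required' => true, 'sanitize_callback' => 'sanitize_file_name' ),
        ),
    ) );
} );

function example_store_optimized_image( WP_REST_Request $req ) {
    $url  = $req->get_param( 'url' );
    $name = basename( $req->get_param( 'filename' ) ); // strip any directory components
    $allowed_hosts = array( 'optimizer.example' );      // placeholder optimizer host
    // Download only from the optimizer's own host, never from an attacker-chosen URL.
    if ( ! in_array( wp_parse_url( $url, PHP_URL_HOST ), $allowed_hosts, true ) ) {
        return new WP_Error( 'bad_host', 'Untrusted source host', array( 'status' => 400 ) );
    }
    // Accept image extensions only, so a .php destination is refused outright.
    $images = array( 'jpg|jpeg' => 'image/jpeg', 'png' => 'image/png', 'gif' => 'image/gif', 'webp' => 'image/webp' );
    $type   = wp_check_filetype( $name, $images );
    if ( empty( $type['ext'] ) ) {
        return new WP_Error( 'bad_ext', 'Only image files may be written', array( 'status' => 400 ) );
    }
    // wp_safe_remote_get also refuses private/loopback hosts and redirects to them.
    $resp = wp_safe_remote_get( $url, array( 'timeout' => 15 ) );
    if ( is_wp_error( $resp ) || 200 !== wp_remote_retrieve_response_code( $resp ) ) {
        return new WP_Error( 'fetch_failed', 'Could not fetch optimized image', array( 'status' => 502 ) );
    }
    $body = wp_remote_retrieve_body( $resp );
    // Verify the bytes really are the declared image type, whatever the URL or name claims.
    $info = @getimagesizefromstring( $body );
    if ( ! $info || $info['mime'] !== $type['type'] ) {
        return new WP_Error( 'not_image', 'Body is not the declared image type', array( 'status' => 400 ) );
    }
    // Write only inside the uploads directory and never overwrite an existing file.
    $dir  = wp_upload_dir();
    $dest = trailingslashit( $dir['path'] ) . wp_unique_filename( $dir['path'], $name );
    file_put_contents( $dest, $body, LOCK_EX );
    return rest_ensure_response( array( 'file' => $dest ) );
}
```

On a site that cannot be updated immediately, the same three checks (capability on the route, verified image content, uploads-only destination with no overwrite) are what to look for when reviewing the vulnerable endpoint's logs and code.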
Recommendations:
For Thrive “Legacy” Rise by Thrive Themes WordPress theme versions prior to 2.0.0, update to version 2.0.0 or later.
For Luxe by Thrive Themes WordPress theme versions prior to 2.0.0, update to version 2.0.0 or later.
For Minus by Thrive Themes WordPress theme versions prior to 2.0.0, update to version 2.0.0 or later.
For Ignition by Thrive Themes WordPress theme versions prior to 2.0.0, update to version 2.0.0 or later.
For FocusBlog by Thrive Themes WordPress theme versions prior to 2.0.0, update to version 2.0.0 or later.
For Squared by Thrive Themes WordPress theme versions prior to 2.0.0, update to version 2.0.0 or later.
For Voice WordPress theme versions prior to 2.0.0, update to version 2.0.0 or later.
For Performag by Thrive Themes WordPress theme versions prior to 2.0.0, update to version 2.0.0 or later.
For Pressive by Thrive Themes WordPress theme versions prior to 2.0.0, update to version 2.0.0 or later.
For Storied by Thrive Themes WordPress theme versions prior to 2.0.0, update to version 2.0.0 or later.
Weakness Enumeration: Unrestricted File Upload
Affected Products: Focusblog, Ignition, Luxe, Minus, Performag, Pressive, Squared, Storied, Thrive "Legacy" Rise