Active Exploits Hit WordPress Sites Vulnerable to Thrive Themes Flaws
2021-03-24 20:36

Attackers are actively exploiting two recently-patched vulnerabilities in a popular suite of tools for WordPress websites from marketing platform Thrive Themes.

Thrive Themes offers various products to help WordPress websites "Convert visitors into leads and customers." Its suite of products, called Thrive Suite, includes a lineup of Legacy Themes - tools to help change the layout and design of WordPress websites - as well as various plugins.

The flaws could be chained together to allow unauthenticated attackers to ultimately upload arbitrary files on vulnerable WordPress sites - allowing for website compromise.

Despite patches being released, researchers are seeing a wave of exploit attempts begin - and they warn that more than 100,000 WordPress sites using Thrive Themes products may still be vulnerable.

The more critical of the two flaws ranks 10 out of 10 on the CVSS scale, and exists in Thrive Themes Legacy Themes.

"For the time being, we urge that site owners running any of the Thrive Themes 'legacy' themes to update to version 2.0.0 immediately, and any site owners running any of the Thrive plugins to update to the latest version available for each of the respective plugins," she stressed.


News URL

https://threatpost.com/active-exploits-wordpress-sites-thrive-themes/165013/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Wordpress 7 2 95 44 18 159