Active Exploits Hit WordPress Sites Vulnerable to Thrive Themes Flaws

Thrive Themes has recently patched vulnerabilities in its WordPress plugins and legacy Themes – but attackers are targeting those who haven't yet applied security updates.

The more critical of the two flaws ranks 10 out of 10 on the CVSS scale and exists in Thrive Themes Legacy Themes. These themes can automatically compress images during uploads; however, this functionality was insecurely implemented, said Chamberland.

“Thrive ‘Legacy’ Themes register a REST API endpoint to compress images using the Kraken image optimization engine,” said Chamberland. “By supplying a crafted request in combination with data inserted using the Option Update vulnerability, it was possible to use this endpoint to retrieve malicious code from a remote URL and overwrite an existing file on the site with it or create a new file. This includes executable PHP files that contain malicious code.”

Post Grid WordPress Plugin Flaws Allow Site Takeovers

Team Showcase, a sister plugin, is also vulnerable to the XSS and PHP object-injection bugs — together they have 66,000 installs.

WP Bakery WordPress Vulnerability Affects Millions of Sites

A vulnerability in the WP Bakery Page Builder WordPress plugin affects over 4 million sites. Researchers discovered that it allows an attacker to inject malicious JavaScript into pages and posts, which then attacks site visitors' browsers.

Loginizer WordPress Vulnerability Affects +1 Million Sites

Popular WordPress security plugin Loginizer patched two security issues, including a SQL injection. The patch addresses a vulnerability that could allow a hacker to modify a database through an unauthenticated SQL injection exploit.

WordPress Redux Plugin Vulnerability Affects +1 Million Sites

Redux, a popular WordPress plugin with more than 1 million active installations, recently patched a vulnerability. The vulnerability allowed an attacker to bypass security measures in a Cross-Site Request Forgery (CSRF) attack.
