Lucene search
+L

CVE-2021-24220

🗓️ 12 Apr 2021 14:03:12Reported by WPScanType 
cve
 cve
🔗 web.nvd.nist.gov📰️ 4 Media mentions👁 69 Views🌐 WEB

Thrive WordPress themes before 2.0.0 allow remote code execution via crafted REST API requests

Related
Detection
Affected
Refs
Paths
Social
ReporterTitlePublishedViews
Family
Circl
CVE-2021-24220
22 Oct 202518:12
circl
CNNVD
Wordpress插件 代码问题漏洞
12 Apr 202100:00
cnnvd
Cvelist
CVE-2021-24220 All Thrive Themes Legacy Themes < 2.0.0 - Unauthenticated Arbitrary File Upload and Option Deletion
12 Apr 202114:03
cvelist
EUVD
EUVD-2021-11134
7 Oct 202500:30
euvd
Nuclei
Multiple Thrive Themes < 2.0.0 - Arbitrary File Upload
19 Jul 202603:00
nuclei
NVD
CVE-2021-24220
12 Apr 202114:15
nvd
OSV
CVE-2021-24220
12 Apr 202114:15
osv
Prion
Design/Logic Flaw
12 Apr 202114:15
prion
RedhatCVE
CVE-2021-24220
22 May 202521:05
redhatcve
VulnCheck KEV
VulnCheck KEV: CVE-2021-24220
24 Mar 202100:00
vulncheck_kev
Rows per page
NVD
Vulners
Node
OR
thrivethemesfocusblogRange<2.0.0wordpress_
thrivethemesignitionRange<2.0.0wordpress
thrivethemesluxeRange<2.0.0wordpress
thrivethemesminusRange<2.0.0wordpress
thrivethemesperformagRange<2.0.0wordpress
thrivethemespressiveRange<2.0.0wordpress
thrivethemesriseRange<2.0.0wordpress
thrivethemessquaredRange<2.0.0wordpress
thrivethemesstoriedRange<2.0.0wordpress
thrivethemesvoiceRange<2.0.0wordpress
[
  {
    "product": "Rise by Thrive Themes",
    "vendor": "Thrive Themes",
    "versions": [
      {
        "lessThan": "2.0.0",
        "status": "affected",
        "version": "2.0.0",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "Luxe by Thrive Themes",
    "vendor": "Thrive Themes",
    "versions": [
      {
        "lessThan": "2.0.0",
        "status": "affected",
        "version": "2.0.0",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "Minus by Thrive Themes",
    "vendor": "Thrive Themes",
    "versions": [
      {
        "lessThan": "2.0.0",
        "status": "affected",
        "version": "2.0.0",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "Ignition by Thrive Themes",
    "vendor": "Thrive Themes",
    "versions": [
      {
        "lessThan": "2.0.0",
        "status": "affected",
        "version": "2.0.0",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "FocusBlog by Thrive Themes",
    "vendor": "Thrive Themes",
    "versions": [
      {
        "lessThan": "2.0.0",
        "status": "affected",
        "version": "2.0.0",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "Squared by Thrive Themes",
    "vendor": "Thrive Themes",
    "versions": [
      {
        "lessThan": "2.0.0",
        "status": "affected",
        "version": "2.0.0",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "Voice",
    "vendor": "Thrive Themes",
    "versions": [
      {
        "lessThan": "2.0.0",
        "status": "affected",
        "version": "2.0.0",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "Performag by Thrive Themes",
    "vendor": "Thrive Themes",
    "versions": [
      {
        "lessThan": "2.0.0",
        "status": "affected",
        "version": "2.0.0",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "Pressive by Thrive Themes",
    "vendor": "Thrive Themes",
    "versions": [
      {
        "lessThan": "2.0.0",
        "status": "affected",
        "version": "2.0.0",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "Storied by Thrive Themes",
    "vendor": "Thrive Themes",
    "versions": [
      {
        "lessThan": "2.0.0",
        "status": "affected",
        "version": "2.0.0",
        "versionType": "custom"
      }
    ]
  }
]
ParameterPositionPathDescriptionCWE
kraked_urlrequest body/wp-json/thrive/krakenREST API endpoint to compress images using Kraken; combined with an Option Update vulnerability it could fetch remote code and overwrite or create files (including PHP executables).CWE-434
idrequest body/wp-json/thrive/krakenREST API endpoint to compress images using Kraken; combined with an Option Update vulnerability it could fetch remote code and overwrite or create files (including PHP executables).CWE-434
resultsrequest body/wp-json/thrive/krakenREST API endpoint to compress images using Kraken; combined with an Option Update vulnerability it could fetch remote code and overwrite or create files (including PHP executables).CWE-434

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

17 Jun 2026 03:39Current
9.2High risk
Vulners AI Score9.2
CVSS 26.4
CVSS 3.19.1
EPSS0.03946
69