Lucene search
K

Multiple Thrive Themes < 2.0.0 - Arbitrary File Upload

🗓️ 09 Jul 2026 03:01:09Reported by ProjectDiscoveryType 
nuclei
 nuclei
🔗 github.com👁 13 Views

Thrive Themes before 2.0.0 expose Kraken image compression web interface that fetches remote code.

Related
Refs
Code
ReporterTitlePublishedViews
Family
Circl
CVE-2021-24220
22 Oct 202518:12
circl
CNNVD
Wordpress插件 代码问题漏洞
12 Apr 202100:00
cnnvd
CVE
CVE-2021-24220
12 Apr 202114:03
cve
Cvelist
CVE-2021-24220 All Thrive Themes Legacy Themes < 2.0.0 - Unauthenticated Arbitrary File Upload and Option Deletion
12 Apr 202114:03
cvelist
EUVD
EUVD-2021-11134
7 Oct 202500:30
euvd
NVD
CVE-2021-24220
12 Apr 202114:15
nvd
OSV
CVE-2021-24220
12 Apr 202114:15
osv
Prion
Design/Logic Flaw
12 Apr 202114:15
prion
RedhatCVE
CVE-2021-24220
22 May 202521:05
redhatcve
VulnCheck KEV
VulnCheck KEV: CVE-2021-24220
24 Mar 202100:00
vulncheck_kev
Rows per page
id: CVE-2021-24220

info:
  name: Multiple Thrive Themes < 2.0.0 -  Arbitrary File Upload
  author: pussycat0x
  severity: critical
  description: |
    Thrive “Legacy” Rise by Thrive Themes WordPress theme before 2.0.0, Luxe by Thrive Themes WordPress theme before 2.0.0, Minus by Thrive Themes WordPress theme before 2.0.0, Ignition by Thrive Themes WordPress theme before 2.0.0, FocusBlog by Thrive Themes WordPress theme before 2.0.0, Squared by Thrive Themes WordPress theme before 2.0.0, Voice WordPress theme before 2.0.0, Performag by Thrive Themes WordPress theme before 2.0.0, Pressive by Thrive Themes WordPress theme before 2.0.0, Storied by Thrive Themes WordPress theme before 2.0.0 register a REST API endpoint to compress images using the Kraken image optimization engine. By supplying a crafted request in combination with data inserted using the Option Update vulnerability, it was possible to use this endpoint to retrieve malicious code from a remote URL and overwrite an existing file on the site with it or create a new file.This includes executable PHP files that contain malicious code.
  impact: |
    Attackers can execute arbitrary PHP code, potentially leading to full site compromise and malicious control.
  remediation: |
    Update all affected themes to version 2.0.0 or later to fix the vulnerability.
  reference:
    - https://www.wordfence.com/blog/2021/03/recently-patched-vulnerability-in-thrive-themes-actively-exploited-in-the-wild
    - https://wpscan.com/vulnerability/a2424354-2639-4f53-a24f-afc11f6c4cac
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
    cvss-score: 9.1
    cve-id: CVE-2021-24220
    cwe-id: CWE-434
    epss-score: 0.03946
    epss-percentile: 0.89168
    cpe: cpe:2.3:a:thrivethemes:focusblog:*:*:*:*:*:wordpress_:*:*
  metadata:
    verified: true
    vendor: thrivethemes
    product: focusblog
    framework: wordpress
  tags: cve,cve2021,wordpress,wp,wpscan,wp-theme,thrive,passive,vkev

http:
  - method: GET
    path:
      - "{{BaseURL}}/wp-content/themes/{{theme}}/style.css"

    attack: batteringram
    payloads:
      theme:
        - rise
        - luxe
        - minus
        - ignition
        - focusblog
        - squared
        - voice
        - performag
        - pressive
        - storied

    matchers-condition: and
    matchers:
      - type: dsl
        dsl:
          - "status_code == 200"
          - compare_versions(version, '< 2.0.0')
          - contains(body, 'Theme Name')
        condition: and

      - type: word
        part: body
        words:
          - "rise"
          - "luxe"
          - "minus"
          - "ignition"
          - "focusblog"
          - "squared"
          - "voice"
          - "performag"
          - "pressive"
          - "storied"
        condition: or
        case-insensitive: true

    extractors:
      - type: regex
        part: body
        name: version
        group: 1
        regex:
          - 'Version: ([0-9.]+)'
# digest: 4a0a004730450220545f3386e12e6275bb262fb058a581797ce0c841d242a2ec61f0916f4632812f022100dc042cfb9208e8bc16e137c05dee40034fa324c234232ae9773028aaa094ad57:922c64590222798bb761d5b6d8e72950

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

04 Feb 2026 07:00Current
7.2High risk
Vulners AI Score7.2
CVSS 26.4
CVSS 3.19.1
EPSS0.03946
13