All Thrive Themes and Plugins - Unauthenticated Option Update
The Thrive Optimize WordPress plugin before 1.4.13.3, Thrive Comments WordPress plugin before 1.4.15.3, Thrive Headline Optimizer WordPress plugin before 1.3.7.3, Thrive Leads WordPress plugin before 2.3.9.4, Thrive Ultimatum WordPress plugin before 2.3.9.4, Thrive Quiz Builder WordPress plugin...
Multiple Thrive Themes < 2.0.0 - Arbitrary File Upload
Thrive “Legacy” Rise by Thrive Themes WordPress theme before 2.0.0, Luxe by Thrive Themes WordPress theme before 2.0.0, Minus by Thrive Themes WordPress theme before 2.0.0, Ignition by Thrive Themes WordPress theme before 2.0.0, FocusBlog by Thrive Themes WordPress theme before 2.0.0, Squared by...
EUVD-2023-51880
Malicious code in bioql PyPI...
CVE-2023-51531
Cross-Site Request Forgery (CSRF) vulnerability in Thrive Themes Thrive Automator. This issue affects Thrive Automator: from n/a through 1.17...
CVE-2023-47783
Missing Authorization vulnerability in Thrive Themes Thrive Theme Builder. This issue affects Thrive Theme Builder: from n/a before 3.24.0...
CVE-2023-47782
Improper Privilege Management vulnerability in Thrive Themes Thrive Theme Builder allows Privilege Escalation. This issue affects Thrive Theme Builder: from n/a before 3.24.0...
CVE-2023-47781
Cross-Site Request Forgery (CSRF) vulnerability in Thrive Themes Thrive Theme Builder 3.24.2 versions...
CVE-2021-24220
Thrive “Legacy” Rise by Thrive Themes WordPress theme before 2.0.0, Luxe by Thrive Themes WordPress theme before 2.0.0, Minus by Thrive Themes WordPress theme before 2.0.0, Ignition by Thrive Themes WordPress theme before 2.0.0, FocusBlog by Thrive Themes WordPress theme before 2.0.0, Squared by...
CVE-2023-51531
Cross-Site Request Forgery (CSRF) vulnerability in Thrive Themes Thrive Automator. This issue affects Thrive Automator: from n/a through 1.17...
Cross-site request forgery (CSRF)
Cross-Site Request Forgery (CSRF) vulnerability in Thrive Themes Thrive Automator. This issue affects Thrive Automator: from n/a through 1.17...
CVE-2023-51531
Technical details about CVE-2023-51531 (CSRF in Thrive Automator) are not provided in the connected documents. Available sources confirm that the issue affects Thrive Automator versions up to 1.17, but do not disclose exploitation vectors, root cause specifics, or mitigations. Monitor for updates.
CVE-2023-47781
Cross-Site Request Forgery (CSRF) vulnerability in Thrive Themes Thrive Theme Builder 3.24.2 versions...
Cross-site request forgery (CSRF)
Cross-Site Request Forgery (CSRF) vulnerability in Thrive Themes Thrive Theme Builder 3.24.2 versions...
CVE-2023-47781
Thrive Theme Builder (WordPress) before version 3.24.2 is vulnerable to Cross-Site Request Forgery (CSRF). Root cause: missing CSRF checks in the affected theme builder, enabling unauthorized actions by forged requests from logged-in users. Impact per CVSS: high (8.8/10), affecting confidentialit...
CVE-2021-24220
Thrive “Legacy” Rise by Thrive Themes WordPress theme before 2.0.0, Luxe by Thrive Themes WordPress theme before 2.0.0, Minus by Thrive Themes WordPress theme before 2.0.0, Ignition by Thrive Themes WordPress theme before 2.0.0, FocusBlog by Thrive Themes WordPress theme before 2.0.0, Squared by...
CVE-2021-24219
The Thrive Optimize WordPress plugin before 1.4.13.3, Thrive Comments WordPress plugin before 1.4.15.3, Thrive Headline Optimizer WordPress plugin before 1.3.7.3, Thrive Leads WordPress plugin before 2.3.9.4, Thrive Ultimatum WordPress plugin before 2.3.9.4, Thrive Quiz Builder WordPress plugin...
Design/Logic Flaw
Thrive “Legacy” Rise by Thrive Themes WordPress theme before 2.0.0, Luxe by Thrive Themes WordPress theme before 2.0.0, Minus by Thrive Themes WordPress theme before 2.0.0, Ignition by Thrive Themes WordPress theme before 2.0.0, FocusBlog by Thrive Themes WordPress theme before 2.0.0, Squared by...
CVE-2021-24220
CVE-2021-24220 is tied to Thrive Themes Legacy plugins/themes (up to 2.0.0) that expose a REST endpoint (kraken) used to compress images. The flaw arises when crafted requests, combined with data inserted via an Option Update vulnerability, allow remote retrieval of code from a URL and writing fi...
CVE-2021-24219 All Thrive Themes and Plugins - Unauthenticated Option Update
The Thrive Optimize WordPress plugin before 1.4.13.3, Thrive Comments WordPress plugin before 1.4.15.3, Thrive Headline Optimizer WordPress plugin before 1.3.7.3, Thrive Leads WordPress plugin before 2.3.9.4, Thrive Ultimatum WordPress plugin before 2.3.9.4, Thrive Quiz Builder WordPress plugin...
Active Exploits Hit WordPress Sites Vulnerable to Thrive Themes Flaws
Attackers are actively exploiting two recently-patched vulnerabilities in a popular suite of tools for WordPress websites from marketing platform Thrive Themes. Thrive Themes offers various products to help WordPress websites “convert visitors into leads and customers.” Its suite of products,...