2 matches found
CVE-2021-24219
The CVE-2021-24219 entry concerns a REST API endpoint in Thrive Themes plugins/themes (e.g., Thrive Optimize and related plugins, and several Thrive Themes themes) that was intended to require an API key for access but could be reached with an empty api_key parameter when Zapier was not enabled. ...
CVE-2023-47781
Thrive Theme Builder (WordPress) before version 3.24.2 is vulnerable to Cross-Site Request Forgery (CSRF). Root cause: missing CSRF checks in the affected theme builder, enabling unauthorized actions by forged requests from logged-in users. Impact per CVSS: high (8.8/10), affecting confidentialit...