Description
Thrive βLegacyβ Rise by Thrive Themes WordPress theme before 2.0.0, Luxe by Thrive Themes WordPress theme before 2.0.0, Minus by Thrive Themes WordPress theme before 2.0.0, Ignition by Thrive Themes WordPress theme before 2.0.0, FocusBlog by Thrive Themes WordPress theme before 2.0.0, Squared by Thrive Themes WordPress theme before 2.0.0, Voice WordPress theme before 2.0.0, Performag by Thrive Themes WordPress theme before 2.0.0, Pressive by Thrive Themes WordPress theme before 2.0.0, Storied by Thrive Themes WordPress theme before 2.0.0 register a REST API endpoint to compress images using the Kraken image optimization engine. By supplying a crafted request in combination with data inserted using the Option Update vulnerability, it was possible to use this endpoint to retrieve malicious code from a remote URL and overwrite an existing file on the site with it or create a new file.This includes executable PHP files that contain malicious code.
Affected products
- Thrive Themes / FocusBlog by Thrive Themes2.0.0 β 2.0.0
- Thrive Themes / Ignition by Thrive Themes2.0.0 β 2.0.0
- Thrive Themes / Luxe by Thrive Themes2.0.0 β 2.0.0
- Thrive Themes / Minus by Thrive Themes2.0.0 β 2.0.0
- Thrive Themes / Performag by Thrive Themes2.0.0 β 2.0.0
- Thrive Themes / Pressive by Thrive Themes2.0.0 β 2.0.0
- Thrive Themes / Rise by Thrive Themes2.0.0 β 2.0.0
- Thrive Themes / Squared by Thrive Themes2.0.0 β 2.0.0
- Thrive Themes / Storied by Thrive Themes2.0.0 β 2.0.0
- Thrive Themes / Voice2.0.0 β 2.0.0
Exploits & PoCs
- nucleiMultiple Thrive Themes < 2.0.0 - Arbitrary File Uploadby pussycat0x