GSD-2021-24220
Vulnerability from gsd - Updated: 2023-12-13 01:23Details
Thrive “Legacy” Rise by Thrive Themes WordPress theme before 2.0.0, Luxe by Thrive Themes WordPress theme before 2.0.0, Minus by Thrive Themes WordPress theme before 2.0.0, Ignition by Thrive Themes WordPress theme before 2.0.0, FocusBlog by Thrive Themes WordPress theme before 2.0.0, Squared by Thrive Themes WordPress theme before 2.0.0, Voice WordPress theme before 2.0.0, Performag by Thrive Themes WordPress theme before 2.0.0, Pressive by Thrive Themes WordPress theme before 2.0.0, Storied by Thrive Themes WordPress theme before 2.0.0 register a REST API endpoint to compress images using the Kraken image optimization engine. By supplying a crafted request in combination with data inserted using the Option Update vulnerability, it was possible to use this endpoint to retrieve malicious code from a remote URL and overwrite an existing file on the site with it or create a new file.This includes executable PHP files that contain malicious code.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2021-24220",
"description": "Thrive \u201cLegacy\u201d Rise by Thrive Themes WordPress theme before 2.0.0, Luxe by Thrive Themes WordPress theme before 2.0.0, Minus by Thrive Themes WordPress theme before 2.0.0, Ignition by Thrive Themes WordPress theme before 2.0.0, FocusBlog by Thrive Themes WordPress theme before 2.0.0, Squared by Thrive Themes WordPress theme before 2.0.0, Voice WordPress theme before 2.0.0, Performag by Thrive Themes WordPress theme before 2.0.0, Pressive by Thrive Themes WordPress theme before 2.0.0, Storied by Thrive Themes WordPress theme before 2.0.0 register a REST API endpoint to compress images using the Kraken image optimization engine. By supplying a crafted request in combination with data inserted using the Option Update vulnerability, it was possible to use this endpoint to retrieve malicious code from a remote URL and overwrite an existing file on the site with it or create a new file.This includes executable PHP files that contain malicious code.",
"id": "GSD-2021-24220"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2021-24220"
],
"details": "Thrive \u201cLegacy\u201d Rise by Thrive Themes WordPress theme before 2.0.0, Luxe by Thrive Themes WordPress theme before 2.0.0, Minus by Thrive Themes WordPress theme before 2.0.0, Ignition by Thrive Themes WordPress theme before 2.0.0, FocusBlog by Thrive Themes WordPress theme before 2.0.0, Squared by Thrive Themes WordPress theme before 2.0.0, Voice WordPress theme before 2.0.0, Performag by Thrive Themes WordPress theme before 2.0.0, Pressive by Thrive Themes WordPress theme before 2.0.0, Storied by Thrive Themes WordPress theme before 2.0.0 register a REST API endpoint to compress images using the Kraken image optimization engine. By supplying a crafted request in combination with data inserted using the Option Update vulnerability, it was possible to use this endpoint to retrieve malicious code from a remote URL and overwrite an existing file on the site with it or create a new file.This includes executable PHP files that contain malicious code.",
"id": "GSD-2021-24220",
"modified": "2023-12-13T01:23:37.764855Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2021-24220",
"STATE": "PUBLIC",
"TITLE": "All Thrive Themes Legacy Themes \u003c 2.0.0 - Unauthenticated Arbitrary File Upload and Option Deletion"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Rise by Thrive Themes",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "2.0.0",
"version_value": "2.0.0"
}
]
}
},
{
"product_name": "Luxe by Thrive Themes",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "2.0.0",
"version_value": "2.0.0"
}
]
}
},
{
"product_name": "Minus by Thrive Themes",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "2.0.0",
"version_value": "2.0.0"
}
]
}
},
{
"product_name": "Ignition by Thrive Themes",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "2.0.0",
"version_value": "2.0.0"
}
]
}
},
{
"product_name": "FocusBlog by Thrive Themes",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "2.0.0",
"version_value": "2.0.0"
}
]
}
},
{
"product_name": "Squared by Thrive Themes",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "2.0.0",
"version_value": "2.0.0"
}
]
}
},
{
"product_name": "Voice",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "2.0.0",
"version_value": "2.0.0"
}
]
}
},
{
"product_name": "Performag by Thrive Themes",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "2.0.0",
"version_value": "2.0.0"
}
]
}
},
{
"product_name": "Pressive by Thrive Themes",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "2.0.0",
"version_value": "2.0.0"
}
]
}
},
{
"product_name": "Storied by Thrive Themes",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "2.0.0",
"version_value": "2.0.0"
}
]
}
}
]
},
"vendor_name": "Thrive Themes"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Thrive \u201cLegacy\u201d Rise by Thrive Themes WordPress theme before 2.0.0, Luxe by Thrive Themes WordPress theme before 2.0.0, Minus by Thrive Themes WordPress theme before 2.0.0, Ignition by Thrive Themes WordPress theme before 2.0.0, FocusBlog by Thrive Themes WordPress theme before 2.0.0, Squared by Thrive Themes WordPress theme before 2.0.0, Voice WordPress theme before 2.0.0, Performag by Thrive Themes WordPress theme before 2.0.0, Pressive by Thrive Themes WordPress theme before 2.0.0, Storied by Thrive Themes WordPress theme before 2.0.0 register a REST API endpoint to compress images using the Kraken image optimization engine. By supplying a crafted request in combination with data inserted using the Option Update vulnerability, it was possible to use this endpoint to retrieve malicious code from a remote URL and overwrite an existing file on the site with it or create a new file.This includes executable PHP files that contain malicious code."
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-434 Unrestricted Upload of File with Dangerous Type"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.wordfence.com/blog/2021/03/recently-patched-vulnerability-in-thrive-themes-actively-exploited-in-the-wild",
"refsource": "MISC",
"url": "https://www.wordfence.com/blog/2021/03/recently-patched-vulnerability-in-thrive-themes-actively-exploited-in-the-wild"
},
{
"name": "https://wpscan.com/vulnerability/a2424354-2639-4f53-a24f-afc11f6c4cac",
"refsource": "CONFIRM",
"url": "https://wpscan.com/vulnerability/a2424354-2639-4f53-a24f-afc11f6c4cac"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:thrivethemes:focusblog:*:*:*:*:*:wordpress_:*:*",
"cpe_name": [],
"versionEndExcluding": "2.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:thrivethemes:ignition:*:*:*:*:*:wordpress:*:*",
"cpe_name": [],
"versionEndExcluding": "2.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:thrivethemes:luxe:*:*:*:*:*:wordpress:*:*",
"cpe_name": [],
"versionEndExcluding": "2.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:thrivethemes:minus:*:*:*:*:*:wordpress:*:*",
"cpe_name": [],
"versionEndExcluding": "2.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:thrivethemes:performag:*:*:*:*:*:wordpress:*:*",
"cpe_name": [],
"versionEndExcluding": "2.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:thrivethemes:pressive:*:*:*:*:*:wordpress:*:*",
"cpe_name": [],
"versionEndExcluding": "2.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:thrivethemes:rise:*:*:*:*:*:wordpress:*:*",
"cpe_name": [],
"versionEndExcluding": "2.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:thrivethemes:squared:*:*:*:*:*:wordpress:*:*",
"cpe_name": [],
"versionEndExcluding": "2.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:thrivethemes:storied:*:*:*:*:*:wordpress:*:*",
"cpe_name": [],
"versionEndExcluding": "2.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:thrivethemes:voice:*:*:*:*:*:wordpress:*:*",
"cpe_name": [],
"versionEndExcluding": "2.0.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2021-24220"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "Thrive \u201cLegacy\u201d Rise by Thrive Themes WordPress theme before 2.0.0, Luxe by Thrive Themes WordPress theme before 2.0.0, Minus by Thrive Themes WordPress theme before 2.0.0, Ignition by Thrive Themes WordPress theme before 2.0.0, FocusBlog by Thrive Themes WordPress theme before 2.0.0, Squared by Thrive Themes WordPress theme before 2.0.0, Voice WordPress theme before 2.0.0, Performag by Thrive Themes WordPress theme before 2.0.0, Pressive by Thrive Themes WordPress theme before 2.0.0, Storied by Thrive Themes WordPress theme before 2.0.0 register a REST API endpoint to compress images using the Kraken image optimization engine. By supplying a crafted request in combination with data inserted using the Option Update vulnerability, it was possible to use this endpoint to retrieve malicious code from a remote URL and overwrite an existing file on the site with it or create a new file.This includes executable PHP files that contain malicious code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-434"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/a2424354-2639-4f53-a24f-afc11f6c4cac",
"refsource": "CONFIRM",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://wpscan.com/vulnerability/a2424354-2639-4f53-a24f-afc11f6c4cac"
},
{
"name": "https://www.wordfence.com/blog/2021/03/recently-patched-vulnerability-in-thrive-themes-actively-exploited-in-the-wild",
"refsource": "MISC",
"tags": [
"Third Party Advisory"
],
"url": "https://www.wordfence.com/blog/2021/03/recently-patched-vulnerability-in-thrive-themes-actively-exploited-in-the-wild"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.4,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2
}
},
"lastModifiedDate": "2021-04-22T17:31Z",
"publishedDate": "2021-04-12T14:15Z"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…