AL2021_08 Active Exploits Hit WordPress Sites Vulnerable to Thrive Themes Flaws (25th March, 2021)

Description

Thrive Themes published a security update for recently discovered vulnerabilities in Thrive Suite on 25th March 2021. Despite these patches, attackers continue to target users who have not yet applied the updates. It is recommended that you take the necessary precautions by ensuring your products are always updated.

Summary

Two vulnerabilities were discovered across Thrive's Legacy Themes and plugins, and patches were subsequently released on March 12. The flaws can be chained together to allow unauthenticated attackers to upload arbitrary files to vulnerable WordPress sites, leading to website compromise.

How it works

Attackers are using the Unauthenticated Option Update vulnerability to update an option in the database, which the Unauthenticated Arbitrary File Upload vulnerability then uses to upload a malicious PHP file. The combination of these two vulnerabilities allows attackers to gain backdoor access to vulnerable sites and compromise them further.

Solution

Below is a list of the updated versions:

  • Thrive Quiz Builder Version 2.4.0.1
  • Thrive Dashboard Version 2.4.0.1
  • Thrive Architect Version 2.6.8.1
  • Thrive Apprentice Version 2.4.0.1
  • Thrive Ultimatum Version 2.4.0.1
  • Thrive Leads Version 2.4.0.1
  • Thrive Ovation Version 2.4.5.1
  • All Themes V2.0.3
  • Thrive Headline Optimizer Version 1.3.8.1
  • Thrive Comments Version 1.4.16.1
  • Thrive Optimize Version 1.4.14.1
  • Thrive Themes Builder Version 2.3.1
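
An added example, not part of the original alert: a Python check that compares an inventory of installed Thrive products against the patched versions listed above. The inventory format and the product-name keys are assumptions; versions are compared numerically, so 1.4.9 is treated as older than 1.4.16.1.

```python
# Minimum patched versions, copied from the advisory's list.
PATCHED = {
    "Thrive Quiz Builder": "2.4.0.1", "Thrive Dashboard": "2.4.0.1",
    "Thrive Architect": "2.6.8.1", "Thrive Apprentice": "2.4.0.1",
    "Thrive Ultimatum": "2.4.0.1", "Thrive Leads": "2.4.0.1",
    "Thrive Ovation": "2.4.5.1", "All Themes": "2.0.3",
    "Thrive Headline Optimizer": "1.3.8.1", "Thrive Comments": "1.4.16.1",
    "Thrive Optimize": "1.4.14.1", "Thrive Themes Builder": "2.3.1",
}


def parse_version(text):
    """Turn '2.4.0.1' or 'V2.0.3' into a tuple of ints (numeric dotted versions only)."""
    return tuple(int(part) for part in text.strip().lstrip("vV").split("."))


def is_patched(installed, minimum):
    """Compare dotted versions numerically, padding the shorter one with zeros."""
    a, b = parse_version(installed), parse_version(minimum)
    width = max(len(a), len(b))
    a += (0,) * (width - len(a))
    b += (0,) * (width - len(b))
    return a >= b


def audit(inventory):
    """Return sorted (product, installed, required) tuples for products needing an update."""
    findings = []
    for product, installed in inventory.items():
        required = PATCHED.get(product)
        # Products not named in the advisory are skipped, not flagged.
        if required is not None and not is_patched(installed, required):
            findings.append((product, installed, required))
    return sorted(findings)


# Constructed sample inventory (hypothetical, not real site data).
SAMPLE_INVENTORY = {
    "Thrive Architect": "2.6.8",
    "Thrive Leads": "2.4.0.1",
    "Thrive Comments": "1.4.9",
    "Akismet": "4.1.9",
}

if __name__ == "__main__":
    for product, installed, required in audit(SAMPLE_INVENTORY):
        print(f"UPDATE {product}: {installed} -> {required} or later")
```
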

For more information on these Thrive Themes updates you can follow this URL:

https://changelog.thrivethemes.com/

The Guyana National CIRT recommends that users and administrators review this alert and apply updates where necessary.

References

  • Thrive Themes releases security updates (25th March, 2021). Retrieved from Threatpost: https://threatpost.com/active-exploits-wordpress-sites-thrive-themes/165013/

  • Thrive Themes releases security updates (25th March, 2021). Retrieved from Wordfence: https://www.wordfence.com/blog/2021/03/recently-patched-vulnerability-in-thrive-themes-actively-exploited-in-the-wild/