The Thrive Themes developers announced the release of security patches for flaws in their WordPress plugins and legacy themes, noting that some groups of threat actors could attack deployments that have not been updated. Thrive Themes is a set of tools for content management systems (CMS).
The two reported flaws would allow unauthenticated threat actors to upload arbitrary files to vulnerable websites, compromising the entire infrastructure. Security patches to fix these flaws were issued on March 12.
Although the flaws have already been fixed, threat actors have launched a wave of exploit attempts that could affect up to 100,000 WordPress websites that have not yet been updated: “We’ve detected multiple exploit attempts in real-world scenarios, so we asked users to upgrade to the latest version available,” says Chloe Chamberland, Wordfence’s cybersecurity specialist.
The most severe vulnerability received a score of 10/10 on the Common Vulnerability Scoring System (CVSS) and resides in Thrive Themes Legacy Themes, a set of tools to compress images automatically during upload, a functionality that was implemented insecurely.
The second flaw is less severe and resides in Thrive Themes plugins. This flaw exists due to an unsafe implementation of a feature in Thrive Dashboard that allows integration with the Zapier online automation tool. The flaws reside in the following versions of Thrive Themes products:
- Thrive Optimize, earlier than v18.104.22.168
- Thrive Comments, earlier than v22.214.171.124
- Thrive Headline Optimizer, earlier than v126.96.36.199
- Thrive Themes Builder, earlier than v2.2.4
- Thrive Leads v188.8.131.52
- Thrive Ultimatum, earlier than v184.108.40.206
- Thrive Quiz Builder, earlier than v220.127.116.11
- Thrive Apprentice v18.104.22.168
- Thrive Architect, earlier than v22.214.171.124
- Thrive Dashboard, earlier than 126.96.36.199
Chamberland claims that hackers could chain these two vulnerabilities to access affected websites. However, the specialist mentions that it is not yet possible to reveal additional details about the attacks, as thousands of website administrators have still not upgraded to secure versions of the plugins.
Moreover, a group of cybersecurity specialists mentions that attackers are exploiting the flaw known as “Unauthenticated Option Update” to upload arbitrary files and malicious PHP files. “The result of chained exploitation of these flaws allows threat actors to gain backdoor access to vulnerable websites,” she concludes.