
CVE-2021-24219 Scanner - Unauthorized Option Update vulnerability in Thrive Themes and Plugins
Short Info
Level
Single Scan
Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 5 days 7 hours
Scan only one: Domain, Subdomain, IPv4
Thrive Themes and Plugins are extensively used within the WordPress ecosystem to enhance website functionality and aesthetics. Small businesses, bloggers, marketers, and developers frequently employ these plugins and themes to optimize their WordPress sites. These plugins provide valuable features such as landing page creation, email list building, and quiz management, aiming to boost website performance and user engagement. They support diverse user bases, enabling customization and enhanced user interaction. With a focus on ease of use, these products are popular among non-technical users looking for professional site functionality without extensive coding knowledge. The wide adoption necessitates stringent security measures to safeguard websites from evolving cyber threats.
The unauthorized option update vulnerability lies in a REST API endpoint associated with Zapier functionality, which under specific conditions grants access without requiring an API key. It arises when Zapier is not enabled, allowing malicious actors to bypass the intended security checks. Attackers can potentially add arbitrary data to a predefined option in the wp_options table, impacting site integrity. This flaw heightens the risk of unauthorized changes to critical WordPress configuration data, leading to possible disruption of site operations. Misconfigured access controls inadvertently grant attackers more freedom to manipulate site options. This vulnerability emphasizes the need for constant monitoring and robust access control mechanisms.
At the technical level, the vulnerability is a misconfiguration in the REST API, which is intended to require authentication through an API key. However, erroneous code logic permits unauthenticated access by accepting an empty api_key parameter. The affected endpoint, "/wp-json/td/v1/optin/subscription", exposes the site to malicious data insertion in its backend settings. Attackers are able to manipulate hooks and options stored in the wp_options table, leading to altered site configurations. The use of the POST method to access sensitive endpoints further elevates the potential impact. Effective exploitation depends on site setups lacking the necessary security checks for API requests. Proper assessment of this vulnerability's technical aspects can guide more secure API handling practices.
Exploitation of this vulnerability allows unauthorized users to make critical configuration changes within a WordPress installation without admin privileges. It poses a risk to data integrity, with altered settings potentially disrupting site functionality or introducing unwanted behavior. The systemic effects could extend to unauthorized data exposure, performance degradation, and undermined trust in site security. Given the extensive deployment of Thrive products, the oversight can leave numerous sites vulnerable to targeted attacks. Correction of security misconfigurations eliminates unauthorized access paths, safeguarding against malicious tampering and data theft. The vulnerability underscores the critical role of continuous security review and patch management for plugins.
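For asset owners who want to check their own traffic, the following added example (not code from the scanner or from Thrive Themes) reviews web server access logs for POST requests to the endpoint named above. It assumes the Apache/nginx "combined" log format, and it also matches WordPress's `?rest_route=` form of the same route; the log lines are constructed samples.

```python
import re
from collections import defaultdict
from urllib.parse import parse_qs, unquote, urlsplit

# Route named on this page; WordPress also serves REST routes via ?rest_route=
ROUTE = "/td/v1/optin/subscription"

# Assumed input: Apache/nginx "combined" access log format
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def rest_route(target):
    """Return the REST route a request target addresses, or None."""
    parts = urlsplit(target)
    path = unquote(parts.path)
    if "/wp-json/" in path:            # also covers /blog/wp-json/... installs
        route = "/" + path.split("/wp-json/", 1)[1]
    else:
        values = parse_qs(parts.query).get("rest_route")
        if not values:
            return None
        route = values[0]              # parse_qs already percent-decodes
    return route.rstrip("/").lower() or "/"

def find_hits(lines):
    """Group POSTs to the Thrive opt-in route by client IP for review."""
    hits = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST":
            continue
        if rest_route(m["target"]) == ROUTE:
            hits[m["ip"]].append((m["ts"], int(m["status"])))
    return dict(hits)

# Constructed sample log lines (documentation IP ranges), not real traffic
SAMPLE_LOG = [
    '203.0.113.7 - - [12/Mar/2021:10:01:02 +0000] "POST /wp-json/td/v1/optin/subscription HTTP/1.1" 200 31 "-" "curl/7.68.0"',
    '203.0.113.7 - - [12/Mar/2021:10:01:09 +0000] "POST /?rest_route=%2Ftd%2Fv1%2Foptin%2Fsubscription HTTP/1.1" 200 31 "-" "curl/7.68.0"',
    '198.51.100.20 - - [12/Mar/2021:10:02:00 +0000] "GET /wp-json/td/v1/optin/subscription HTTP/1.1" 404 120 "-" "Mozilla/5.0"',
    '198.51.100.20 - - [12/Mar/2021:10:02:05 +0000] "POST /wp-json/wp/v2/comments HTTP/1.1" 201 512 "-" "Mozilla/5.0"',
    '192.0.2.44 - - [12/Mar/2021:10:03:00 +0000] "POST /blog/wp-json/td/v1/optin/subscription/ HTTP/1.1" 401 64 "-" "python-requests/2.25"',
]

if __name__ == "__main__":
    for ip, events in find_hits(SAMPLE_LOG).items():
        print(ip, events)
```

Access logs normally do not record the request body, so the api_key value itself is not visible; on a site where Zapier is not enabled, any POST to this route is worth reviewing alongside recent changes in the wp_options table.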