S4E

CVE-2021-24220 Scanner

CVE-2021-24220 Scanner - Arbitrary File Upload vulnerability in Thrive Themes WordPress Themes

Short Info

Level: Critical
Single Scan
Can be used by: Asset Owner
Estimated Time: 1 minute
Time Interval: 22 days 21 hours
Scan only one: URL

Thrive Themes WordPress Themes are popular tools used by website developers and owners to create and manage themes on WordPress sites. These themes offer customizable features that enhance the appearance and functionality of websites, appealing to a wide range of users globally. Businesses and individuals both use these themes to build aesthetically pleasing and user-friendly sites. Thrive Themes are known for their flexibility, speed, and integration capabilities with various WordPress plugins. They have a substantial user base, especially among those seeking professional and fully functional WordPress themes. These themes often support advanced features such as drag-and-drop editing, customizable templates, and responsive design.

The Arbitrary File Upload vulnerability allows an attacker to upload malicious files onto a server running vulnerable software. It arises from inadequate validation or sanitization of file inputs in the affected Thrive Themes. Attackers can exploit this flaw by uploading files containing executable PHP code disguised as an image or another non-threatening file format. Executing that code can give them unauthorized access to, or control over, server resources. The vulnerability has been actively exploited, putting sites at risk of complete compromise. Keeping themes updated is crucial in mitigating this type of risk.

Technically, the vulnerability is rooted in the registration of a REST API endpoint used for image compression within Thrive Themes, which can be manipulated to upload arbitrary files. Attackers can send crafted requests that use this endpoint to download malicious code from remote servers. This malicious code can overwrite existing files or create new ones, thereby executing unauthorized actions. The vulnerable themes include Thrive 'Legacy' Rise, Luxe, Ignition, FocusBlog, and others before version 2.0.0. Exploiting this flaw requires no authenticated access, which is what makes it so severe for public-facing sites.
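For asset owners, the affected-version statement above can be turned into an inventory check. The following is an added example, not code from S4E's scanner or from Thrive Themes: it reads each installed theme's style.css header and flags the themes named above that are below 2.0.0. The directory names, sample versions and the word match on the Theme Name header are assumptions, and because the page says "and others" the name list is incomplete.

```python
import re
import tempfile
from pathlib import Path

# From the page: named legacy themes (it adds "and others") and the fixed version.
LEGACY_THEMES = {"rise", "luxe", "ignition", "focusblog"}
FIXED = (2, 0, 0)
# Header line syntax WordPress accepts in a theme's style.css.
HEADER = re.compile(r"^[ \t/*#@]*(Theme Name|Version):[ \t]*(.*?)[ \t]*$", re.I | re.M)

def parse_header(css_text):
    """Return lower-cased header fields; the first occurrence of each wins."""
    fields = {}
    for key, value in HEADER.findall(css_text[:8192]):  # headers sit at the top
        fields.setdefault(key.lower(), value.strip())   # strip() also drops a CR
    return fields

def version_tuple(text):
    """First three numeric components, zero-padded; None when there are none."""
    nums = [int(n) for n in re.findall(r"\d+", text)[:3]]
    return tuple(nums + [0] * (3 - len(nums))) if nums else None

def audit_themes(themes_dir):
    """List (directory, theme name, version, status) for the named legacy themes."""
    findings = []
    for css in sorted(Path(themes_dir).glob("*/style.css")):
        h = parse_header(css.read_text(encoding="utf-8", errors="replace"))
        name = h.get("theme name", "")
        # Assumption: a theme is in scope if any word of its name is in the list.
        if not set(re.findall(r"[a-z]+", name.lower())) & LEGACY_THEMES:
            continue
        ver = version_tuple(h.get("version", ""))
        status = "review" if ver is None else "vulnerable" if ver < FIXED else "fixed"
        findings.append((css.parent.name, name, h.get("version", ""), status))
    return findings

def build_sample(root):
    """Constructed sample tree for the demo, not real theme files."""
    samples = {"rise": ("Rise", "1.300.02"), "focusblog": ("FocusBlog", "2.0.0"),
               "luxe": ("Luxe", ""), "twentytwenty": ("Twenty Twenty", "1.7")}
    for slug, (name, ver) in samples.items():
        (Path(root) / slug).mkdir(parents=True)
        header = f"/*\nTheme Name: {name}\nVersion: {ver}\n*/\n"
        (Path(root) / slug / "style.css").write_text(header, encoding="utf-8")
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for row in audit_themes(build_sample(tmp)):
            print(row)
```

On a real host, pass the site's wp-content/themes directory to `audit_themes`; a "review" status means the version header was missing and the theme should be checked by hand.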

Exploiting this vulnerability could lead to several severe consequences. Successful exploitation can result in arbitrary code execution, allowing attackers to seize control over affected WordPress installations. This could facilitate data theft, site defacement, or use of the site as a platform for further attacks. In worst-case scenarios, it can grant attackers significant access, equating to complete site takeover. Additionally, attackers might leverage compromised sites for phishing or malware dissemination. Users' confidential data could be at risk, including passwords or other sensitive information stored on these WordPress sites.
