
Thrive Themes is a collection of themes and plugins that lets WordPress administrators quickly customize their websites.
Two vulnerabilities that the Thrive Themes team addressed earlier this month are now being exploited in live attacks to upload arbitrary files to vulnerable websites and give attackers backdoor control over them.
The more serious of the two bugs is a critical (CVSS score of 10) unauthenticated arbitrary file upload and option deletion vulnerability that affects all of Thrive Themes' Legacy Themes. The flaw exists because the Legacy Themes include an insecurely implemented function that automatically compresses images during uploads.