Beware! You might be at risk.
An analysis published on March 24th, 2021 reported that attackers are actively exploiting recently patched vulnerabilities in a popular WordPress plugin suite, Thrive Themes. More than 100,000 WordPress websites are vulnerable due to the recent threat.
Read on for the details and the recommended fix.
A Close Look at WordPress Thrive Themes Vulnerability
Security researchers at Wordfence have recently discovered a serious security threat to WordPress site owners who have installed plugins from the Thrive Themes suite.
According to Wordfence, two major vulnerabilities, now patched, were found in the Thrive Themes suite of tools. Chained together, these flaws let unauthenticated attackers gain access to your WordPress website. Attackers could cause serious damage by uploading arbitrary files to vulnerable WordPress websites, compromising the site's functionality and the business behind it.
The analysis also found that more than 100,000 WordPress sites currently using plugins from the Thrive Themes suite are at heightened risk of compromise. “We have recently witnessed these vulnerabilities being actively exploited in the wild. We urge all the WordPress website users combining the functionality of Thrive Themes to update to the latest versions immediately, since they contain a patch for these vulnerabilities,” said Chloe Chamberland, a threat analyst with Wordfence.
The following versions of Thrive Themes legacy themes and plugins are at risk:
- All Legacy Themes, including Ignition, Rise, and more | Version <2.00
- Thrive Optimize | Version <188.8.131.52
- Thrive Comments | Version <184.108.40.206
- Thrive Headline Optimizer | Version <220.127.116.11
- Thrive Themes Builder | Version <2.2.4
- Thrive Leads | Version <18.104.22.168
- Thrive Ultimatum | Version <22.214.171.124
- Thrive Quiz Builder | Version <126.96.36.199
- Thrive Apprentice | Version <188.8.131.52
- Thrive Architect | Version <184.108.40.206
- Thrive Dashboard | Version <220.127.116.11
How Do Attackers Exploit Thrive Themes for WordPress?
According to the senior threat analyst at Wordfence, attackers exploit the two patched vulnerabilities in Thrive Themes by chaining them together to gain access to the website. The researchers are sharing only minimal details of the attack, mainly to limit the possible damage. They are also alerting WordPress site owners so that they can get help from WordPress developers and quickly update whichever Thrive Themes plugins they are currently using to the latest version.
At a high level, attackers are using an Unauthenticated Option Update flaw to abuse critical features of the WordPress website and upload a malicious file, causing further damage.
Wordfence urges all WordPress and Thrive Themes plugin users to act now to stop these attacks, as the attackers are trying to gain backdoor access to your website.
The Ideal Solution
For the time being, experienced threat analysts are urging website owners running any of the Thrive Themes “legacy” themes to update to the latest version, 2.0, immediately. They also recommend updating Thrive plugins to their latest versions to curb the exploitation recently seen in the wild.
At WordPressIndia, we are here to assist you with profit-driven WordPress website development, backed by expert WordPress developers. From time to time, we bring you the latest updates and happenings in the world of WordPress to help you make the required changes, updates, and modifications when they are needed.