CVE & CISA-KEV Catalog

CVE-2021-24219

MEDIUMEPSS 79th pctl
5.3
CVSS v3
NVD

Description

The Thrive Optimize WordPress plugin before 1.4.13.3, Thrive Comments WordPress plugin before 1.4.15.3, Thrive Headline Optimizer WordPress plugin before 1.3.7.3, Thrive Leads WordPress plugin before 2.3.9.4, Thrive Ultimatum WordPress plugin before 2.3.9.4, Thrive Quiz Builder WordPress plugin before 2.3.9.4, Thrive Apprentice WordPress plugin before 2.3.9.4, Thrive Visual Editor WordPress plugin before 2.6.7.4, Thrive Dashboard WordPress plugin before 2.3.9.3, Thrive Ovation WordPress plugin before 2.4.5, Thrive Clever Widgets WordPress plugin before 1.57.1 and Rise by Thrive Themes WordPress theme before 2.0.0, Ignition by Thrive Themes WordPress theme before 2.0.0, Luxe by Thrive Themes WordPress theme before 2.0.0, FocusBlog by Thrive Themes WordPress theme before 2.0.0, Minus by Thrive Themes WordPress theme before 2.0.0, Squared by Thrive Themes WordPress theme before 2.0.0, Voice WordPress theme before 2.0.0, Performag by Thrive Themes WordPress theme before 2.0.0, Pressive by Thrive Themes WordPress theme before 2.0.0, Storied by Thrive Themes WordPress theme before 2.0.0, Thrive Themes Builder WordPress theme before 2.2.4 register a REST API endpoint associated with Zapier functionality. While this endpoint was intended to require an API key in order to access, it was possible to access it by supplying an empty api_key parameter in vulnerable versions if Zapier was not enabled. Attackers could use this endpoint to add arbitrary data to a predefined option in the wp_options table.

How to fix

Remediation Available
focusblogNVD
Affected:< 2.0.0Fixed in:2.0.0CVE-2021-24219derived from NVD
ignitionNVD
Affected:< 2.0.0Fixed in:2.0.0CVE-2021-24219derived from NVD
luxeNVD
Affected:< 2.0.0Fixed in:2.0.0CVE-2021-24219derived from NVD
minusNVD
Affected:< 2.0.0Fixed in:2.0.0CVE-2021-24219derived from NVD
performagNVD
Affected:< 2.0.0Fixed in:2.0.0CVE-2021-24219derived from NVD
pressiveNVD
Affected:< 2.0.0Fixed in:2.0.0CVE-2021-24219derived from NVD
riseNVD
Affected:< 2.0.0Fixed in:2.0.0CVE-2021-24219derived from NVD
squaredNVD
Affected:< 2.0.0Fixed in:2.0.0CVE-2021-24219derived from NVD
storiedNVD
Affected:< 2.0.0Fixed in:2.0.0CVE-2021-24219derived from NVD
thrive apprenticeNVD
Affected:< 2.3.9.4Fixed in:2.3.9.4CVE-2021-24219derived from NVD
thrive clever widgetsNVD
Affected:< 1.57.1Fixed in:1.57.1CVE-2021-24219derived from NVD
thrive commentsNVD
Affected:< 1.4.15.3Fixed in:1.4.15.3CVE-2021-24219derived from NVD
thrive dashboardNVD
Affected:< 2.3.9.3Fixed in:2.3.9.3CVE-2021-24219derived from NVD
thrive headline optimizerNVD
Affected:< 1.3.7.3Fixed in:1.3.7.3CVE-2021-24219derived from NVD
thrive optimizeNVD
Affected:< 1.4.13.3Fixed in:1.4.13.3CVE-2021-24219derived from NVD
thrive ovationNVD
Affected:< 2.4.5Fixed in:2.4.5CVE-2021-24219derived from NVD
thrive quiz builderNVD
Affected:< 2.3.9.4Fixed in:2.3.9.4CVE-2021-24219derived from NVD
thrive themes builderNVD
Affected:< 2.2.4Fixed in:2.2.4CVE-2021-24219derived from NVD
thrive visual editorNVD
Affected:< 2.6.7.4Fixed in:2.6.7.4CVE-2021-24219derived from NVD
voiceNVD
Affected:< 2.0.0Fixed in:2.0.0CVE-2021-24219derived from NVD

Remediation is compiled from vendor and distribution security advisories. Always confirm against the linked source for your exact version and platform.

CVSS v3 Vector

Exploitability

Attack VectorNetwork
Attack ComplexityLow
Privileges RequiredNone
User InteractionNone
ScopeUnchanged

Impact

ConfidentialityNone
IntegrityLow
AvailabilityNone

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Exploit Intelligence

2.08%probability of exploitation in 30 days
79thpercentile

Elevated risk: more likely to be exploited than 79% of all known CVEs.

References

Exploit1
Third-Party Advisory1

Related Vulnerabilities

Other CWE-284 (Improper Access Control) vulnerabilities, ordered by exploit likelihood. View all

CVESeverityCVSSEPSSExploitedFix
CVE-2023-27350Critical9.8100%KEV + RansomFix
CVE-2019-1653High7.5100%KEV-
CVE-2023-23752Medium5.3100%KEVFix
CVE-2023-29298High7.5100%KEV-
CVE-2023-38205High7.5100%KEV-
CVE-2024-27348Critical9.899%KEVFix
Embed a live status badge for CVE-2021-24219
CVE-2021-24219 severity badge

Markdown

[![CVE-2021-24219](https://tridentstack.com/cve/badge/CVE-2021-24219.svg)](https://tridentstack.com/cve/CVE-2021-24219)

HTML

<a href="https://tridentstack.com/cve/CVE-2021-24219"><img src="https://tridentstack.com/cve/badge/CVE-2021-24219.svg" alt="CVE-2021-24219"></a>

Find and fix vulnerabilities across your fleet

TridentStack Control continuously scans your Windows, macOS, and Linux fleet for known vulnerabilities, prioritizes them by severity and active exploitation, and patches them automatically.

Start free

This product uses NVD data but is not endorsed or certified by the NVD. EPSS scores courtesy of FIRST.org (https://www.first.org/epss). Source: CISA KEV Catalog. Data as of 2024-11-21.