What is CVE-2021-24220?

CVE-2021-24220 is a vulnerability in Thrive Themes Focusblog By, classified under Unrestricted Upload of File with Dangerous Type. Published 2021-04-12.

Is CVE-2021-24220 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Arbitrary file upload in Thrive Themes Focusblog By

CVE-2021-24220

Thrive “Legacy” Rise by Thrive Themes WordPress theme before 2.0.0, Luxe by Thrive Themes WordPress theme before 2.0.0, Minus by Thrive Themes WordPress theme before 2.0.0, Ignition by Thrive Themes WordPress theme before 2.0.0, FocusBlog…

Vulnerability class: Unrestricted File Upload

EPSS: 0.638 (98.4th percentile) — read the EPSS interpretation.

Affected products

Thrive Themes Focusblog By — versions 2.0.0
Thrive Themes Ignition By — versions 2.0.0
Thrive Themes Luxe By — versions 2.0.0
Thrive Themes Minus By — versions 2.0.0
Thrive Themes Performag By — versions 2.0.0
Thrive Themes Pressive By — versions 2.0.0
Thrive Themes Rise By — versions 2.0.0
Thrive Themes Squared By — versions 2.0.0
Thrive Themes Storied By — versions 2.0.0
Thrive Themes Voice — versions 2.0.0

Weakness classification (CWE)

CWE-434 — Unrestricted Upload of File with Dangerous Type

Public proof-of-concept exploits

20142995/nuclei-templates

References

www.wordfence.com/blog/2021/03/recently-patched-vulnerability-in-thrive-themes-… (x_refsource_MISC)
wpscan.com/vulnerability/a2424354-2639-4f53-a24f-afc11f6c4cac (x_refsource_CONFIRM)

Frequently asked questions

What is CVE-2021-24220?: CVE-2021-24220 is a vulnerability in Thrive Themes Focusblog By, classified under Unrestricted Upload of File with Dangerous Type. Published 2021-04-12.
Is CVE-2021-24220 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.