A major security vulnerability was found in WordPress themes and plugins developed by the company Thrive Themes. The company has already released a fix, but, according to security company Wordfence, the error still endangers more than 100,000 sites that have not yet downloaded the patch to mitigate the flaw.

As security experts explain, the flaw found in Thrive Themes’ solutions allows hackers to use the theme or a plugin to upload files to WordPress sites. The contents may include viruses and codes for displaying spam.

Although the company released a patch on March 12 for the flaw, thousands of users have not yet downloaded the update, Wordfence estimates. To perform the correction, the user only needs to enter the WordPress update system and download the latest version of the theme or plugin used and which is distributed by Thrive Themes.

Which version to download?

As the update is now available, hackers are targeting users of Thrive Themes services who have not yet applied the patch patch on their websites. Below, you can see a list of the affected services and which version should be used to be protected from the vulnerability:

All Legacy themes from Thrive Themes, including Rise, Ignition and others | Version 2.0.0 or higher
Thrive Optimize | Version 1.4.13.3 or higher
Thrive Comments | Version 1.4.15.3 or higher
Thrive Headline Optimizer | Version 1.3.7.3 or higher
Thrive Themes Builder | Version 2.2.4 or higher
Thrive Leads | Version 2.3.9.4 or higher
Thrive Ultimatum | Version 2.3.9.4 or higher
Thrive Quiz Builder | Version 2.3.9.4 or higher
Thrive Apprentice | Version 2.3.9.4 or higher
Thrive Architect | Version 2.6.7.4 or higher
Thrive Dashboard | Version 2.3.9.3 or higher
Thrive Ovation | Version 2.4.5 or higher