A major security vulnerability was found in WordPress themes and plugins developed by the company Thrive Themes. The company has already released a fix, but, according to security company Wordfence, the flaw still endangers more than 100,000 sites that have not yet downloaded the patch.
As security experts explain, the flaw found in Thrive Themes’ solutions allows hackers to use the theme or a plugin to upload files to WordPress sites. The contents may include viruses and code for displaying spam.
Although the company released a patch for the flaw on March 12, Wordfence estimates that thousands of users have not yet downloaded the update. To apply the fix, the user only needs to open the WordPress update system and download the latest version of the Thrive Themes theme or plugin in use.
Which version to download?
As the update is now available, hackers are targeting users of Thrive Themes services who have not yet applied the patch on their websites. Below is a list of the affected services and the version that should be used to be protected from the vulnerability:
All Legacy themes from Thrive Themes, including Rise, Ignition and others | Version 2.0.0 or higher
Thrive Optimize | Version 220.127.116.11 or higher
Thrive Comments | Version 18.104.22.168 or higher
Thrive Headline Optimizer | Version 22.214.171.124 or higher
Thrive Themes Builder | Version 2.2.4 or higher
Thrive Leads | Version 126.96.36.199 or higher
Thrive Ultimatum | Version 188.8.131.52 or higher
Thrive Quiz Builder | Version 184.108.40.206 or higher
Thrive Apprentice | Version 220.127.116.11 or higher
Thrive Architect | Version 18.104.22.168 or higher
Thrive Dashboard | Version 22.214.171.124 or higher
Thrive Ovation | Version 2.4.5 or higher