Active Exploits Hit WordPress Sites Vulnerable to Thrive Themes Flaws
Attackers are currently targeting WordPress users who have not implemented patches to their plugins. Thrive Themes, a company that offers various products connected to WordPress, recently released patches for vulnerabilities within its services. However, researchers found that users who have failed to implement the fixes are being actively targeted by attackers. The products help WordPress sites convert visitors and leads into customers, according to the company.
The company offers a suite of products called Thrive Suite, that help change the layout and design of WordPress sites. The vulnerabilities were discovered across Legacy Themes and Plugins, with patches released on March 12. The flaws could be exploited together to allow unauthorized attackers to upload arbitrary files to vulnerable WordPress sites, leading to website compromise.