Thrive Themes has recently patched vulnerabilities in its WordPress plugins and legacy Themes. The flaws could be chained together to allow unauthenticated attackers to upload arbitrary files on vulnerable WordPress sites allowing for website compromise. Researchers warn that more than 100,000 WordPress sites using these products may still be vulnerable. Two vulnerabilities were discovered across both these Legacy Themes and plugins, and patches were subsequently released on March 12. The more critical of the two flaws ranks 10 out of 10 on the CVSS scale.
Source: https://threatpost.com/active-exploits-wordpress-sites-thrive-themes/165013/