Description
WordPress Plugin Thrive Clever Widgets is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently add arbitrary data to a predefined option in the wp_options table. WordPress Plugin Thrive Clever Widgets version 1.56 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 1.56.1 or latest
References
Related Vulnerabilities
WordPress Plugin Groundhogg-Marketing Automation & CRM for WordPress Remote Code Execution (1.3.4)
WordPress 5.7.x PHP Object Injection (5.7 - 5.7.1)
PostgreSQL Improper Authentication Vulnerability (CVE-2017-7546)
PostgreSQL Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2018-1052)