Description
WordPress Plugin Thrive Comments is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently add arbitrary data to a predefined option in the wp_options table. WordPress Plugin Thrive Comments version 1.4.15.2 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 1.4.15.3 or latest
References
Related Vulnerabilities
Oracle Database Server Other Vulnerability (CVE-2006-0551)
Apache error log escape sequence injection vulnerability
WordPress Plugin Hustle-Pop-Ups, Slide-ins and Email Opt-ins CSV Injection (6.0.7)
WordPress 3.9.x Cross-Site Request Forgery (3.9 - 3.9.26)
WordPress Plugin All 404 Redirect to Homepage Cross-Site Scripting (1.21)