CVE-2025-6997
- EPSS 0.02%
- Published 19.07.2025 08:24:22
- Last modified 11.08.2025 19:13:21
The ThemeREX Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.35.1.1 due to insufficient input sanitization and output escaping. The plugin’s SVG rendering routine c...
CVE-2024-13448
- EPSS 3.2%
- Published 28.01.2025 07:15:06
- Last modified 30.01.2025 18:01:07
The ThemeREX Addons plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'trx_addons_uploads_save_data' function in all versions up to, and including, 2.32.3. This makes it possible for unauthenticat...
CVE-2025-0682
- EPSS 0.39%
- Published 25.01.2025 06:15:28
- Last modified 08.08.2025 02:08:56
The ThemeREX Addons plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.33.0 via the 'trx_sc_reviews' shortcode 'type' attribute. This makes it possible for authenticated attackers, with contributor-leve...
CVE-2020-10257
- EPSS 47.78%
- Published 10.03.2020 00:15:10
- Last modified 21.11.2024 04:55:05
The ThemeREX Addons plugin before 2020-03-09 for WordPress lacks access control on the /trx_addons/v2/get/sc_layout REST API endpoint, allowing for PHP functions to be executed by any users, because includes/plugin.rest-api.php calls trx_addons_rest_...