The ThemeREX Addons plugin for WordPress is vulnerable to Improper Access Control in various versions. This is due to the /trx_addons/v2/get/sc_layout REST API endpoint, allowing for PHP functions to be executed by any users, because includes/plugin.rest-api.php calls trx_addons_rest_get_sc_layout with an unsafe sc parameter. This makes it possible for unauthenticated attackers to execute functions like wp_insert_user, allowing attackers the ability to inject administrative user accounts and take over sites. See https://www.wordfence.com/blog/2020/03/zero-day-vulnerability-in-themerex-addons-now-patched/ for accurate version information.
CVE-2020-10257 is a critical severity with CVSS 9.8 Vulnerability issue affecting the Plugin ThemeREX Addons. It affects Versions before 1.6.49.6 and is fixed in 1.6.49.10.
CVE-2020-10257 is tracked for the Plugin ThemeREX Addons as critical severity with CVSS 9.8. The affected range is Versions before 1.6.49.6. Update ThemeREX Addons to 1.6.49.10 or newer where that version is compatible with the site.
| Software Type | Plugin |
|---|---|
| Software Slug |
trx_addons
View on wordpress.org
|
| CVE | CVE-2020-10257 |
| Patched Versions |
1.6.49.10
1.6.49.6
1.6.49.6.3
1.6.49.7
1.6.50.2
1.6.51.4
1.6.52.3
1.6.53.4
1.6.54.1
1.6.55.8
1.6.56.1
1.6.57.4
1.6.58.3
1.6.59.1.2
1.6.59.4
1.6.60.1
1.6.61.1.1
1.6.61.2.1
1.6.62.4
1.6.65.1
1.6.66.1
1.6.67.1
1.70.3.1
|
| Affected Versions |
Versions before 1.6.49.6
1.6.49.6.2 up to before 1.6.49.6.3
1.6.49.8 up to before 1.6.49.9
1.6.50 up to before 1.6.50.2
1.6.51 up to before 1.6.51.4
1.6.52 up to before 1.6.52.3
1.6.53 up to before 1.6.53.4
1.6.54 up to before 1.6.54.1
1.6.55 up to before 1.6.55.8
1.6.56 up to before 1.6.56.1
1.6.57 up to before 1.6.57.4
1.6.58.2 up to before 1.6.58.3
1.6.59 through 1.6.59
1.6.59.1 through 1.6.59.1
1.6.59.1.1 up to before 1.6.59.1.2
1.6.59.2 up to before 1.6.59.4
1.6.60 up to before 1.6.60.1
1.6.61 through 1.6.61
1.6.61.1 through 1.6.61.1
1.6.61.1.0 up to before 1.6.61.1.1
1.6.61.2 up to before 1.6.61.2.1
1.6.65 up to before 1.6.65.1
1.6.66 up to before 1.6.66.1
1.6.67 up to before 1.6.67.1
1.70.3 through 1.70.3
|
These internal links group the same WordPress plugin by CVE, issue type, severity, and patch status so operators and search engines can connect the full vulnerability cluster.
ThemeREX Addons < 2.38.5 - Unauthenticated Arbitrary File Upload
ThemeREX Addons <= 2.32.3 - Unauthenticated Arbitrary File Upload in trx_addons_uploads_save_data
ThemeREX Addons <= 2.33.0 - Authenticated (Contributor+) Local File Inclusion via Shortcode
ThemeREX Addons <= 2.35.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via trx_addons_get_svg_from_file Function
This record contains material that is subject to copyright
License: Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy. Read more
License: CVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy. Read more
