Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

CVE-2020-10257

🗓️ 09 Mar 2020 23:41:34Reported by mitreType 
cve
 cve🔗 web.nvd.nist.gov👁 197 Views🌐 WEB

The ThemeREX Addons plugin for WordPress before 2020-03-09 allows unauthorized PHP function execution

Related
Detection
Refs
Paths
NVD
Node
themerexaddonsMatch1.70.3wordpress
AND
themerexozeum-museumRange<1.0.2wordpress
Node
themerexaddonsMatch1.70.3wordpress
AND
themerexchit_club-board_gamesRange<1.0.1wordpress
Node
themerexaddonsMatch1.6.67wordpress
AND
themerexyottis-simple_portfolioRange<1.0.1wordpress
Node
themerexaddonsMatch1.6.66wordpress
AND
themerexhelion-agency_&portfolioRange<1.0.3wordpress
Node
themerexaddonsMatch1.6.66wordpress
AND
themerexamuliRange<1.0.2wordpress
Node
themerexaddonsMatch1.6.65wordpress
AND
themerexnelson-barbershop_+_tattoo_salonRange<1.0.1.2001wordpress
Node
themerexaddonsMatch1.6.65wordpress
AND
themerexhallelujah-churchRange<1.0.1wordpress
Node
themerexaddonsMatch1.6.65wordpress
AND
themerexright_wayRange<4.0.1wordpress
Node
themerexaddonsMatch1.6.65wordpress
AND
themerexprider-pride_festRange<1.0.2wordpress
Node
themerexaddonsMatch1.6.62.3wordpress
AND
themerexmystik-esotericsRange<1.0.1wordpress
Node
themerexaddonsMatch1.6.62.3wordpress
AND
themerexskydiving_and_flying_companyRange<1.0.1wordpress
Node
themerexaddonsMatch1.6.62.1wordpress
AND
themerexdronex-aerial_photography_servicesRange<1.1.2001wordpress
Node
themerexaddonsMatch1.6.61.2wordpress
AND
themerexsamadhi-buddhistRange<1.0.1wordpress
Node
themerexaddonsMatch1.6.61.3wordpress
AND
themerextantum-rent_a_car,_rent_a_bike,_rent_a_scooter_multiskin_themeRange<1.0.2wordpress
Node
themerexaddonsMatch1.6.61.2wordpress
AND
themerexscientia-public_libraryRange<1.0.1wordpress
Node
themerexaddonsMatch1.6.61.2wordpress
AND
themerexblabberRange<1.5.2009wordpress
Node
themerexaddonsMatch1.6.61.1wordpress
AND
themereximpacto_patronus_multi-landingRange<1.1.2001wordpress
Node
themerexaddonsMatch1.6.61wordpress
AND
themerexrare_radioRange<1.0.1wordpress
Node
themerexaddonsMatch1.6.60wordpress
AND
themerexpiqes-creative_startup_&_agency_wordpress_themeRange<1.0.1wordpress
Node
themerexaddonsMatch1.6.59.3wordpress
AND
themerexkratz-digital_agencyRange<1.0.2wordpress
Node
themerexaddonsMatch1.6.59.2wordpress
AND
themerexpixefyRange<1.0.1wordpress
Node
themerexaddonsMatch1.6.59.1.1wordpress
AND
themerexnetmix-broadband_&_telecomRange<1.0.2wordpress
Node
themerexaddonsMatch1.6.59wordpress
AND
themerexkids_careRange<3.0.5wordpress
Node
themerexaddonsMatch1.6.58.2wordpress
AND
themerexbriny-diving_wordpress_themeRange<1.2.2000wordpress
Node
themerexaddonsMatch1.6.57.3wordpress
AND
themerextornadosRange<1.1.2001wordpress
Node
themerexaddonsMatch1.6.57.4wordpress
AND
themerexgridironRange<1.0.2wordpress
Node
themerexaddonsMatch1.6.57.2wordpress
AND
themerexyungen-digital/marketing_agencyRange<1.0.1wordpress
Node
themerexaddonsMatch1.6.57.3wordpress
AND
themerexfc_united-footballRange<1.0.7wordpress
Node
themerexaddonsMatch1.6.57.2wordpress
AND
themerexbugster-pests_controlRange<1.0.2wordpress
Node
themerexaddonsMatch1.6.57wordpress
AND
themerexrumble-single_fighter_boxer,_news,_gym,_storeRange<1.0.4wordpress
Node
themerexaddonsMatch1.6.56wordpress
AND
themerextacticool-shooting_range_wordpress_themeRange<1.0.1wordpress
Node
themerexaddonsMatch1.6.55.4wordpress
AND
themerexcoinpress-cryptocurrency_magazine_&_blog_wordpress_themeRange<1.0.2wordpress
Node
themerexaddonsMatch1.6.55.7wordpress
AND
themerexvihara-ashram,_buddhistRange<1.1.2001wordpress
Node
themerexaddonsMatch1.6.55.3wordpress
AND
themerexkatelyn-gutenberg_wordpress_blog_themeRange<1.0.4wordpress
Node
themerexaddonsMatch1.6.55.1wordpress
AND
themerexheaven_11-multiskin_property_themeRange<1.0.2wordpress
Node
themerexaddonsMatch1.6.54wordpress
AND
themerexespecio-food_gutenberg_themeRange<1.0.1wordpress
Node
themerexaddonsMatch1.6.53.1wordpress
AND
themerexpartiso_electioncampaignRange<1.1.2002wordpress
Node
themerexaddonsMatch1.6.53.3wordpress
AND
themerexkargo-freight_transportRange<1.1.2004wordpress
Node
themerexaddonsMatch1.6.53.2wordpress
AND
themerexmaxify-startup_blogRange<1.0.4wordpress
Node
themerexaddonsMatch1.6.53.1wordpress
AND
themerexlingvico-language_learning_schoolRange<1.0.3wordpress
Node
themerexaddonsMatch1.6.53.2wordpress
AND
themerexaldo-gutenberg_wordpress_blog_themeRange<1.0.2wordpress
Node
themerexaddonsMatch1.6.52.2wordpress
AND
themerexvixus-startup_/_mobile_applicationRange<1.0.4wordpress
Node
themerexaddonsMatch1.6.52.1wordpress
AND
themerexwellspring_water_filter_systemsRange<1.0.3wordpress
Node
themerexaddonsMatch1.6.52.1wordpress
AND
themerexnazareth-churchRange<1.0.5wordpress
Node
themerexaddonsMatch1.6.53wordpress
AND
themerextediss-soft_play_area,_cafe_&_child_care_centerRange<1.0.3wordpress
Node
themerexaddonsMatch1.6.51.3wordpress
AND
themerexyolox-startup_magazine_&_blog_wordpress_themeRange<1.0.3wordpress
Node
themerexaddonsMatch1.6.51.3wordpress
AND
themerexmeals_and_wheels-food_truckRange<1.0.3wordpress
Node
themerexaddonsMatch1.6.51.1wordpress
AND
themerexrosalinda-vegetarian_&_health_coachRange<1.0.3wordpress
Node
themerexaddonsMatch1.6.50wordpress
AND
themerexvapesterRange<1.1.2001wordpress
Node
themerexaddonsMatch1.6.50wordpress
AND
themerexmodern_housewife-housewife_and_family_blogRange<1.0.2wordpress
Node
themerexaddonsMatch1.6.50.1wordpress
AND
themerexchainpressRange<1.0.3wordpress
Node
themerexaddonsMatch1.6.51.1wordpress
AND
themerexjustitia-multiskin_lawyer_themeRange<1.0.3wordpress
Node
themerexaddonsMatch1.6.50wordpress
AND
themerexhobo_digital_nomad_blogRange<1.0.3wordpress
Node
themerexaddonsMatch1.6.50.1wordpress
AND
themerexrhodos-creative_corporate_wordpress_themeRange<1.3.2001wordpress
Node
themerexaddonsMatch1.6.50wordpress
AND
themerexbuzz_stone-magazine_&_blogRange<1.0.3wordpress
Node
themerexaddonsMatch1.0.49.10wordpress
AND
themerexcorredo_sport_eventRange<1.1.2003wordpress
Node
themerexaddonsMatch1.6.49.8wordpress
AND
themerexsavejulia_personal_fundraising_campaignRange<1.0.3wordpress
Node
themerexaddonsMatch1.6.49.6wordpress
AND
themerexbonkozoo_zooRange<1.0.3wordpress
Node
themerexaddonsMatch1.6.49.6.2wordpress
AND
themerexrenewal-plastic_surgeon_clinicRange<1.0.3wordpress
Node
themerexaddonsMatch1.6.49.5wordpress
AND
themerexgloss_blogRange<1.0.1wordpress
Node
themerexaddonsMatch1.6.58.2wordpress
AND
themerexplumbing-repair,_building_&_construction_wordpress_themeRange<3.0.1wordpress
Node
themerexaddonsMatch1.6.61.2wordpress
AND
themerextopper_theme_and_skinsMatch-wordpress
ParameterPositionPathDescriptionCWE
scquery param/wp-json/trx_addons/V2/get/sc_layoutUnauthenticated access to the WordPress REST API endpoint can execute PHP functions and possibly inject admin accounts via the sc parameter.CWE-862CWE-94
rolequery param/wp-json/trx_addons/V2/get/sc_layoutUnauthenticated access to the WordPress REST API endpoint can execute PHP functions and possibly inject admin accounts via the sc parameter.CWE-862CWE-94
user_loginquery param/wp-json/trx_addons/V2/get/sc_layoutUnauthenticated access to the WordPress REST API endpoint can execute PHP functions and possibly inject admin accounts via the sc parameter.CWE-862CWE-94
user_passquery param/wp-json/trx_addons/V2/get/sc_layoutUnauthenticated access to the WordPress REST API endpoint can execute PHP functions and possibly inject admin accounts via the sc parameter.CWE-862CWE-94

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
21 Nov 2024 04:55Current
9.4High risk
Vulners AI Score9.4
CVSS 27.5
CVSS 3.19.8
CVSS 39.8
EPSS0.6663
CWE-862CWE-94
cve-2020-10257themerex addonswordpresssecurityaccess controlrest apiphp functionsvulnerability
197