7267 matches found
ae.teletronics.nlp:entityextraction (>=1.3 <=1.4), ai.aletyx.kogito:aletyx-kogito-ai-addons-quarkus-adhoc-subprocess (>=0.1.0 <=0.2.0) +11753 more potentially affected by CVE-2016-3674 via com.thoughtworks.xstream:xstream (>=1.1.1 <=1.4.8)
com.thoughtworks.xstream:xstream MAVEN version =1.1.1, =1.3, =0.1.0, =0.1.0, =0.5.0, =0.5.0, =0.5.0, =0.5.0, =0.5.0, =cloud-0.1, =0.0.1, =0.0.10, =0.0.10, =0.0.10, =0.2.2, =0.0.11, =0.2.3 and more Source cves: CVE-2016-3674 Source advisory: OSV:GHSA-RGH3-987H-WPMW...
WordPress Unauthorized Operation Vulnerability (CNVD-2020-29838)
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. Ultimate Addons for Elementor is an extension plugin that uses one of the Elementor page builder plugins. A security vulnerability exis...
CVE-2020-13125
An issue was discovered in the "Ultimate Addons for Elementor" plugin before 1.24.2 for WordPress, as exploited in the wild in May 2020 in conjunction with CVE-2020-13126. Unauthenticated attackers can create users with the Subscriber role even if registration is disabled...
CVE-2020-13125
The CVE-2020-13125 entry concerns the Ultimate Addons for Elementor WordPress plugin (
VulnCheck KEV: CVE-2020-13125
An issue was discovered in the "Ultimate Addons for Elementor" plugin before 1.24.2 for WordPress, as exploited in the wild in May 2020 in conjunction with CVE-2020-13126. Unauthenticated attackers can create users with the Subscriber role even if registration is disabled...
PT-2020-13342
Name of the Vulnerable Software and Affected Versions: Ultimate Addons for Elementor plugin versions prior to 1.24.2. Description: An issue in the Ultimate Addons for Elementor plugin allows unauthenticated attackers to create users with the Subscriber role, even when registration is disabled. This...
Elementor Pro < 2.9.4 - Authenticated Arbitrary File Upload
According to Jerome Bruandet, from NintechNet, the vulnerability, currently exploited by attackers, allows any logged-in user to upload and execute PHP scripts on the blog. Chloe Chamberland from Wordfence also confirmed the issue and added that "This vulnerability is being used in conjunction wi...
Ultimate Addons for Elementor < 1.24.2 - Registration Bypass
"The Ultimate Addons for Elementor plugin recently patched a vulnerability in version 1.24.2 that allows attackers to create subscriber-level users, even if registration is disabled on a WordPress site." This vulnerability is being used in conjunction with a 0-day vulnerability in Elementor PRO...
MGASA-2020-0183 Updated kernel packages fix security vulnerabilities
This provides an update to kernel 5.6 series, currently based on upstream 5.6.6 adding support for new hardware and features, and fixes at least the following security issues: In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image, performing some operations, and unmounting can lea...
Updated kernel packages fix security vulnerabilities
This provides an update to kernel 5.6 series, currently based on upstream 5.6.6 adding support for new hardware and features, and fixes at least the following security issues: In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image, performing some operations, and unmounting can lea...
Gutenberg Blocks - Ultimate Addons for Gutenberg < 1.14.8 - Authenticated Settings Change
The Gutenberg Blocks – Ultimate Addons for Gutenberg WordPress plugin was affected by an Ultimate Addons for Gutenberg 1.14.8 - Authenticated Settings Change security vulnerability...
Popular ThemeREX WordPress Plugin Opens Websites to RCE
A critical vulnerability in a WordPress plugin known as “ThemeREX Addons” could open the door for remote code execution in tens of thousands of websites. According to Wordfence, the bug has been actively exploited in the wild as a zero-day. The plugin, which is installed on approximately 44,000...
CVE-2020-10257
The ThemeREX Addons plugin before 2020-03-09 for WordPress lacks access control on the /trx_addons/v2/get/sc_layout REST API endpoint, allowing for PHP functions to be executed by any users, because includes/plugin.rest-api.php calls trx_addons_rest_get_sc_layout with an unsafe sc parameter...
ThemeREX Addons Remote Code Execution Vulnerability
WordPress plugin ThemeREX Addons is a plugin that works with various ThemeREX themes, featuring several theme enhancements and widgets that extend the functionality of the theme in question. A remote code execution vulnerability exists in versions of ThemeREX Addons prior to 2020-03-09. The...
CVE-2020-10257
CVE-2020-10257 concerns the WordPress ThemeREX Addons plugin prior to 2020-03-09. The issue is an access-control flaw in the /trx_addons/v2/get/sc_layout REST API endpoint: includes/plugin.rest-api.php calls trx_addons_rest_get_sc_layout with an unsafe sc parameter, allowing unauthenticated users...
VulnCheck KEV: CVE-2020-10257
The ThemeREX Addons plugin before 2020-03-09 for WordPress lacks access control on the /trx_addons/v2/get/sc_layout REST API endpoint, allowing for PHP functions to be executed by any users, because includes/plugin.rest-api.php calls trx_addons_rest_get_sc_layout with an unsafe sc parameter...
ThemeREX Addons - Remote Code Execution
"This flaw allows attackers to remotely execute code on a site with the plugin installed, including the ability to execute code that can inject administrative user accounts." Note WPScanTeam: There are major version inconsistencies in the trxaddons shipped with the affected themes. As a result, a...