4 matches found
CVE-2025-0682
The ThemeREX Addons plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.33.0 via the 'trxscreviews' shortcode 'type' attribute. This makes it possible for authenticated attackers, with contributor-level and above permissions, to include and execute...
CVE-2025-0682
creationtimestamp| type| source ---|---|--- 2025-01-25 05:31:09+00:00| seen| https://infosec.exchange/users/cve/statuses/113887351235769010 2025-01-25 06:05:29+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/3048 2025-01-25 07:00:19+00:00| seen|...
CVE-2025-0682 ThemeREX Addons <= 2.33.0 - Authenticated (Contributor+) Local File Inclusion via Shortcode
The ThemeREX Addons plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.33.0 via the 'trxscreviews' shortcode 'type' attribute. This makes it possible for authenticated attackers, with contributor-level and above permissions, to include and execute...
CVE-2025-0682
CVE-2025-0682 (ThemeREX Addons for WordPress) is an authenticated Local File Inclusion vulnerability affecting ThemeREX Addons versions up to and including 2.33.0. An attacker with contributor-level (or higher) privileges can abuse the trx_sc_reviews shortcode’s type attribute to include and exec...