4 matches found
CVE-2020-10257
CVE-2020-10257 concerns the WordPress ThemeREX Addons plugin prior to 2020-03-09. The issue is an access-control flaw in the /trx_addons/v2/get/sc_layout REST API endpoint: includes/plugin.rest-api.php calls trx_addons_rest_get_sc_layout with an unsafe sc parameter, allowing unauthenticated users...
CVE-2024-13448
CVE-2024-13448 affects the ThemeREX Addons WordPress plugin via arbitrary file uploads due to missing file type validation in trx_addons_uploads_save_data, affecting all versions up to 2.32.3. Unauthenticated upload could lead to remote code execution. Red Hat and other sources indicate remediati...
CVE-2025-0682
CVE-2025-0682 (ThemeREX Addons for WordPress) is an authenticated Local File Inclusion vulnerability affecting ThemeREX Addons versions up to and including 2.33.0. An attacker with contributor-level (or higher) privileges can abuse the trx_sc_reviews shortcode’s type attribute to include and exec...
CVE-2025-6997
CVE-2025-6997 : ThemeREX Addons for WordPress is vulnerable to a stored cross-site scripting (XSS) via SVG uploads in versions