Addons@* Security Vulnerabilities and Issues — Addons@* CVE List

Lucene search

ThemerexAddons*

3 matches found

CVE•added 2025/01/25 6:15 a.m.•59 views

CVE-2025-0682

The ThemeREX Addons plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.33.0 via the 'trx_sc_reviews' shortcode 'type' attribute. This makes it possible for authenticated attackers, with contributor-level and above permissions, to include and execute a...

8.8CVSS8.9AI score0.00154EPSS

CVE•added 2025/01/28 7:15 a.m.•53 views

CVE-2024-13448

The ThemeREX Addons plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'trx_addons_uploads_save_data' function in all versions up to, and including, 2.32.3. This makes it possible for unauthenticated attackers to upload arbitrary files on the aff...

9.8CVSS8.1AI score0.00736EPSS

CVE•added 2025/07/19 9:15 a.m.•7 views

CVE-2025-6997

The ThemeREX Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.35.1.1 due to insufficient input sanitization and output escaping. The plugin’s SVG rendering routine calls the trx_addons_get_svg_from_file() function ...

6.4CVSS5.8AI score0.00029EPSS