ThemeREX Addons - Remote Code Execution

ID WPEX-ID:10076
Type wpexploit
Reporter Wordfence
Modified 2020-09-22T08:26:12


"This flaw allows attackers to remotely execute code on a site with the plugin installed, including the ability to execute code that can inject administrative user accounts." Note (WPScanTeam): There are major version inconsistencies in the trx_addons shipped with the affected themes. As a result, a common the fixed in version can not be set so far and we would recommend to see the posts from ThemeRex and Wordfence in the references below for the versions.