Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
wpexploitWordfenceWPEX-ID:4ED4E60E-5BBB-4010-A7FE-40EADD8DEE64
HistoryFeb 18, 2020 - 12:00 a.m.

ThemeREX Addons - Remote Code Execution

2020-02-1800:00:00
Wordfence
67

EPSS

0.101

Percentile

94.9%

JSON

“This flaw allows attackers to remotely execute code on a site with the plugin installed, including the ability to execute code that can inject administrative user accounts.” Note (WPScanTeam): There are major version inconsistencies in the trx_addons shipped with the affected themes. As a result, a common the fixed in version can not be set so far and we would recommend to see the posts from ThemeRex and Wordfence in the references below for the versions.

https://[domain]/wp-json/trx_addons/V2/get/sc_layout?sc=wp_insert_user&role=administrator&user_login=admin&user_pass=admin

Related

prion 1
wpvulndb 1
patchstack 3
nvd 1
cvelist 1
cve 1
prion
prion
Design/Logic Flaw
2020-03-10 00:15:00
wpvulndb
wpvulndb
ThemeREX Addons - Remote Code Execution
2020-02-18 00:00:00
patchstack
patchstack
WordPress Ozeum premium theme <= 1.0.1 - Remote Code Execution (RCE) vulnerability
2020-02-18 00:00:00
WordPress Yottis premium theme <= 1.0 - Remote Code Execution (RCE) vulnerability
2020-02-18 00:00:00
WordPress Chit Club premium theme <= 1.0 - Remote Code Execution (RCE) vulnerability
2020-02-18 00:00:00
nvd
nvd
CVE-2020-10257
2020-03-10 00:15:10
cvelist
cvelist
CVE-2020-10257
2020-03-09 23:41:34
cve
cve
CVE-2020-10257
2020-03-10 00:15:10

EPSS

0.101

Percentile

94.9%

JSON
Related for WPEX-ID:4ED4E60E-5BBB-4010-A7FE-40EADD8DEE64
prion1wpvulndb1patchstack3nvd1cvelist1cve1