Skip to main content

Rhodos Creative Corporate Wordpress Theme

1 CVEs product

Monthly

CVE-2020-10257 CRITICAL POC Act Now

The ThemeREX Addons plugin before 2020-03-09 for WordPress lacks access control on the /trx_addons/v2/get/sc_layout REST API endpoint, allowing for PHP functions to be executed by any users, because. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress RCE Code Injection PHP Addons +62
NVD
CVSS 3.1
9.8
EPSS
8.9%
EPSS 9% CVSS 9.8
CRITICAL POC Act Now

The ThemeREX Addons plugin before 2020-03-09 for WordPress lacks access control on the /trx_addons/v2/get/sc_layout REST API endpoint, allowing for PHP functions to be executed by any users, because. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress RCE Code Injection +64
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy