Skip to main content

Right Way

2 CVEs product

Monthly

CVE-2026-22330 HIGH This Week

Unauthenticated local file inclusion in the Themeum Right Way WordPress theme versions 4.0 and earlier allows remote attackers to include arbitrary local files and likely achieve code execution through PHP file inclusion (CWE-98). The flaw is network-reachable without credentials, though CVSS records high attack complexity (AC:H), and no public exploit has been identified at time of analysis. The advisory is sourced from Patchstack's WordPress vulnerability database.

PHP Information Disclosure LFI Right Way
NVD
CVSS 3.1
8.1
EPSS
0.4%
CVE-2020-10257 CRITICAL POC Act Now

The ThemeREX Addons plugin before 2020-03-09 for WordPress lacks access control on the /trx_addons/v2/get/sc_layout REST API endpoint, allowing for PHP functions to be executed by any users, because. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress RCE Code Injection PHP Addons +62
NVD
CVSS 3.1
9.8
EPSS
8.9%
EPSS 0% CVSS 8.1
HIGH This Week

Unauthenticated local file inclusion in the Themeum Right Way WordPress theme versions 4.0 and earlier allows remote attackers to include arbitrary local files and likely achieve code execution through PHP file inclusion (CWE-98). The flaw is network-reachable without credentials, though CVSS records high attack complexity (AC:H), and no public exploit has been identified at time of analysis. The advisory is sourced from Patchstack's WordPress vulnerability database.

PHP Information Disclosure LFI +1
NVD
EPSS 9% CVSS 9.8
CRITICAL POC Act Now

The ThemeREX Addons plugin before 2020-03-09 for WordPress lacks access control on the /trx_addons/v2/get/sc_layout REST API endpoint, allowing for PHP functions to be executed by any users, because. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress RCE Code Injection +64
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy