SonicALERT

Sonicwall Signatures

 



  WordPress plugin ThemeREX Addons Remote Code Execution

Category: WEB-ATTACKS      

The ThemeREX Addons plugin before 2020-03-09 for WordPress lacks access control on the /trx_addons/v2/get/sc_layout REST API endpoint, allowing any user to execute PHP functions, because includes/plugin.rest-api.php calls trx_addons_rest_get_sc_layout with an unsafe sc parameter.

References
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4479

