The ThemeREX Addons plugin before 2020-03-09 for WordPress lacks access control on the /trx_addons/v2/get/sc_layout REST API endpoint, allowing any user to execute PHP functions, because includes/plugin.rest-api.php calls trx_addons_rest_get_sc_layout with an unsafe sc parameter.
No Fix Known
No patch has been released yet. Apply workarounds or mitigations where available.
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products: 124
References: 2
Affected configurations (themerex / addons):

| Vendor | Product | Version | Update |
| --- | --- | --- | --- |
| themerex | chit_club-board_games | 1.0.1 | - |
| themerex | addons | - | - |
| themerex | yottis-simple_portfolio | 1.0.1 | - |
| themerex | addons | - | - |
| themerex | helion-agency_\&portfolio | 1.0.3 | - |
| themerex | addons | - | - |
| themerex | amuli | 1.0.2 | - |
| themerex | addons | - | - |
| themerex | nelson-barbershop_\+_tattoo_salon | 1.0.1.2001 | - |
| themerex | addons | - | - |
| themerex | hallelujah-church | 1.0.1 | - |
| themerex | addons | - | - |
| themerex | right_way | 4.0.1 | - |
| themerex | addons | - | - |
| themerex | prider-pride_fest | 1.0.2 | - |
| themerex | addons | - | - |
| themerex | mystik-esoterics | 1.0.1 | - |
| themerex | addons | - | - |
| themerex | skydiving_and_flying_company | 1.0.1 | - |
| themerex | addons | - | - |
| themerex | dronex-aerial_photography_services | 1.1.2001 | - |
| themerex | addons | - | - |
| themerex | samadhi-buddhist | 1.0.1 | - |
| themerex | addons | - | - |
| themerex | tantum-rent_a_car\,_rent_a_bike\,_rent_a_scooter_multiskin_theme | 1.0.2 | - |
| themerex | addons | - | - |
| themerex | scientia-public_library | 1.0.1 | - |
| themerex | addons | - | - |
| themerex | blabber | 1.5.2009 | - |
| themerex | addons | - | - |
| themerex | impacto_patronus_multi-landing | 1.1.2001 | - |
| themerex | addons | - | - |
| themerex | rare_radio | 1.0.1 | - |
| themerex | addons | - | - |
| themerex | piqes-creative_startup_\&_agency_wordpress_theme | 1.0.1 | - |
| themerex | addons | - | - |
| themerex | kratz-digital_agency | 1.0.2 | - |
| themerex | addons | - | - |
| themerex | pixefy | 1.0.1 | - |
| themerex | addons | - | - |
| themerex | netmix-broadband_\&_telecom | 1.0.2 | - |
| themerex | addons | - | - |
| themerex | kids_care | 3.0.5 | - |
| themerex | addons | - | - |
| themerex | briny-diving_wordpress_theme | 1.2.2000 | - |
| themerex | addons | - | - |
| themerex | tornados | 1.1.2001 | - |
| themerex | addons | - | - |
| themerex | gridiron | 1.0.2 | - |
| themerex | addons | - | - |
| themerex | yungen-digital\/marketing_agency | 1.0.1 | - |
| themerex | addons | - | - |
| themerex | fc_united-football | 1.0.7 | - |
| themerex | addons | - | - |
| themerex | bugster-pests_control | 1.0.2 | - |
| themerex | addons | - | - |
| themerex | rumble-single_fighter_boxer\,_news\,_gym\,_store | 1.0.4 | - |
| themerex | addons | - | - |
| themerex | tacticool-shooting_range_wordpress_theme | 1.0.1 | - |
| themerex | addons | - | - |
| themerex | coinpress-cryptocurrency_magazine_\&_blog_wordpress_theme | 1.0.2 | - |
| themerex | addons | - | - |
| themerex | vihara-ashram\,_buddhist | 1.1.2001 | - |
| themerex | addons | - | - |
| themerex | katelyn-gutenberg_wordpress_blog_theme | 1.0.4 | - |
| themerex | addons | - | - |
| themerex | heaven_11-multiskin_property_theme | 1.0.2 | - |
| themerex | addons | - | - |
| themerex | especio-food_gutenberg_theme | 1.0.1 | - |
| themerex | addons | - | - |
| themerex | partiso_electioncampaign | 1.1.2002 | - |
| themerex | addons | - | - |
| themerex | kargo-freight_transport | 1.1.2004 | - |
| themerex | addons | - | - |
| themerex | maxify-startup_blog | 1.0.4 | - |
| themerex | addons | - | - |
| themerex | lingvico-language_learning_school | 1.0.3 | - |
| themerex | addons | - | - |
| themerex | aldo-gutenberg_wordpress_blog_theme | 1.0.2 | - |
| themerex | addons | - | - |
| themerex | vixus-startup_\/_mobile_application | 1.0.4 | - |
| themerex | addons | - | - |
| themerex | wellspring_water_filter_systems | 1.0.3 | - |
| themerex | addons | - | - |
| themerex | nazareth-church | 1.0.5 | - |
| themerex | addons | - | - |
| themerex | tediss-soft_play_area\,_cafe_\&_child_care_center | 1.0.3 | - |
| themerex | addons | - | - |
| themerex | yolox-startup_magazine_\&_blog_wordpress_theme | 1.0.3 | - |
| themerex | addons | - | - |
| themerex | meals_and_wheels-food_truck | 1.0.3 | - |
| themerex | addons | - | - |
| themerex | rosalinda-vegetarian_\&_health_coach | 1.0.3 | - |
| themerex | addons | - | - |
| themerex | vapester | 1.1.2001 | - |
| themerex | addons | - | - |
| themerex | modern_housewife-housewife_and_family_blog | 1.0.2 | - |
| themerex | addons | - | - |
| themerex | chainpress | 1.0.3 | - |
| themerex | addons | - | - |
| themerex | justitia-multiskin_lawyer_theme | 1.0.3 | - |
| themerex | addons | - | - |
| themerex | hobo_digital_nomad_blog | 1.0.3 | - |
| themerex | addons | - | - |
| themerex | rhodos-creative_corporate_wordpress_theme | 1.3.2001 | - |
| themerex | addons | - | - |
| themerex | buzz_stone-magazine_\&_blog | 1.0.3 | - |
| themerex | addons | - | - |
| themerex | corredo_sport_event | 1.1.2003 | - |
| themerex | addons | - | - |
| themerex | savejulia_personal_fundraising_campaign | 1.0.3 | - |
| themerex | addons | - | - |
| themerex | bonkozoo_zoo | 1.0.3 | - |
| themerex | addons | - | - |
| themerex | renewal-plastic_surgeon_clinic | 1.0.3 | - |
| themerex | addons | - | - |
| themerex | gloss_blog | 1.0.1 | - |
| themerex | addons | - | - |
| themerex | plumbing-repair\,_building_\&_construction_wordpress_theme | 3.0.1 | - |
| themerex | addons | - | - |
| themerex | topper_theme_and_skins | - | - |