Themerex Addons
4 CVEs affecting Themerex Addons. Latest disclosed: 2025-07-19. Critical: 2, High: 1.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2024-13448 | Critical | 9.8 | 2025-01-28 | The ThemeREX Addons plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'trx_addons_uploads_save_data' func… |
CVE-2020-10257 | Critical | 9.8 | 2020-03-10 | The ThemeREX Addons plugin before 2020-03-09 for WordPress lacks access control on the /trx_addons/v2/get/sc_layout REST API endpoint, allowing for PHP functio… |
CVE-2025-0682 | High | 8.8 | 2025-01-25 | The ThemeREX Addons plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.33.0 via the 'trx_sc_reviews' shortcode… |
CVE-2025-6997 | Medium | 6.4 | 2025-07-19 | The ThemeREX Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.35.1.1 due t… |