Themerex Themerex Addons

4 CVEs affecting Themerex Themerex Addons. Latest disclosed: 2026-06-17. Critical: 2, High: 1.

Top CVEs affecting Themerex Themerex Addons
CVESeverityScorePublishedSummary
CVE-2025-60205Critical9.82026-06-17Unauthenticated PHP Object Injection in ThemeREX Addons <= 2.36.1.1 versions.
CVE-2024-13448Critical9.82025-01-28The ThemeREX Addons plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'trx_addons_uploads_save_data' func…
CVE-2025-0682High8.82025-01-25The ThemeREX Addons plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.33.0 via the 'trx_sc_reviews' shortcode…
CVE-2025-6997Medium6.42025-07-19The ThemeREX Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.35.1.1 due t…