fkie_cve-2020-10257
Vulnerability from fkie_nvd
Published
2020-03-10 00:15
Modified
2024-11-21 04:55
Severity ?
Summary
The ThemeREX Addons plugin before 2020-03-09 for WordPress lacks access control on the /trx_addons/v2/get/sc_layout REST API endpoint, allowing any user to execute PHP functions, because includes/plugin.rest-api.php calls trx_addons_rest_get_sc_layout with an unsafe sc parameter.
Impacted products
Vendor Product Version
themerex addons 1.70.3
themerex ozeum-museum *
themerex addons 1.70.3
themerex chit_club-board_games *
themerex addons 1.6.67
themerex yottis-simple_portfolio *
themerex addons 1.6.66
themerex helion-agency_\&portfolio *
themerex addons 1.6.66
themerex amuli *
themerex addons 1.6.65
themerex nelson-barbershop_\+_tattoo_salon *
themerex addons 1.6.65
themerex hallelujah-church *
themerex addons 1.6.65
themerex right_way *
themerex addons 1.6.65
themerex prider-pride_fest *
themerex addons 1.6.62.3
themerex mystik-esoterics *
themerex addons 1.6.62.3
themerex skydiving_and_flying_company *
themerex addons 1.6.62.1
themerex dronex-aerial_photography_services *
themerex addons 1.6.61.2
themerex samadhi-buddhist *
themerex addons 1.6.61.3
themerex tantum-rent_a_car\,_rent_a_bike\,_rent_a_scooter_multiskin_theme *
themerex addons 1.6.61.2
themerex scientia-public_library *
themerex addons 1.6.61.2
themerex blabber *
themerex addons 1.6.61.1
themerex impacto_patronus_multi-landing *
themerex addons 1.6.61
themerex rare_radio *
themerex addons 1.6.60
themerex piqes-creative_startup_\&_agency_wordpress_theme *
themerex addons 1.6.59.3
themerex kratz-digital_agency *
themerex addons 1.6.59.2
themerex pixefy *
themerex addons 1.6.59.1.1
themerex netmix-broadband_\&_telecom *
themerex addons 1.6.59
themerex kids_care *
themerex addons 1.6.58.2
themerex briny-diving_wordpress_theme *
themerex addons 1.6.57.3
themerex tornados *
themerex addons 1.6.57.4
themerex gridiron *
themerex addons 1.6.57.2
themerex yungen-digital\/marketing_agency *
themerex addons 1.6.57.3
themerex fc_united-football *
themerex addons 1.6.57.2
themerex bugster-pests_control *
themerex addons 1.6.57
themerex rumble-single_fighter_boxer\,_news\,_gym\,_store *
themerex addons 1.6.56
themerex tacticool-shooting_range_wordpress_theme *
themerex addons 1.6.55.4
themerex coinpress-cryptocurrency_magazine_\&_blog_wordpress_theme *
themerex addons 1.6.55.7
themerex vihara-ashram\,_buddhist *
themerex addons 1.6.55.3
themerex katelyn-gutenberg_wordpress_blog_theme *
themerex addons 1.6.55.1
themerex heaven_11-multiskin_property_theme *
themerex addons 1.6.54
themerex especio-food_gutenberg_theme *
themerex addons 1.6.53.1
themerex partiso_electioncampaign *
themerex addons 1.6.53.3
themerex kargo-freight_transport *
themerex addons 1.6.53.2
themerex maxify-startup_blog *
themerex addons 1.6.53.1
themerex lingvico-language_learning_school *
themerex addons 1.6.53.2
themerex aldo-gutenberg_wordpress_blog_theme *
themerex addons 1.6.52.2
themerex vixus-startup_\/_mobile_application *
themerex addons 1.6.52.1
themerex wellspring_water_filter_systems *
themerex addons 1.6.52.1
themerex nazareth-church *
themerex addons 1.6.53
themerex tediss-soft_play_area\,_cafe_\&_child_care_center *
themerex addons 1.6.51.3
themerex yolox-startup_magazine_\&_blog_wordpress_theme *
themerex addons 1.6.51.3
themerex meals_and_wheels-food_truck *
themerex addons 1.6.51.1
themerex rosalinda-vegetarian_\&_health_coach *
themerex addons 1.6.50
themerex vapester *
themerex addons 1.6.50
themerex modern_housewife-housewife_and_family_blog *
themerex addons 1.6.50.1
themerex chainpress *
themerex addons 1.6.51.1
themerex justitia-multiskin_lawyer_theme *
themerex addons 1.6.50
themerex hobo_digital_nomad_blog *
themerex addons 1.6.50.1
themerex rhodos-creative_corporate_wordpress_theme *
themerex addons 1.6.50
themerex buzz_stone-magazine_\&_blog *
themerex addons 1.0.49.10
themerex corredo_sport_event *
themerex addons 1.6.49.8
themerex savejulia_personal_fundraising_campaign *
themerex addons 1.6.49.6
themerex bonkozoo_zoo *
themerex addons 1.6.49.6.2
themerex renewal-plastic_surgeon_clinic *
themerex addons 1.6.49.5
themerex gloss_blog *
themerex addons 1.6.58.2
themerex plumbing-repair\,_building_\&_construction_wordpress_theme *
themerex addons 1.6.61.2
themerex topper_theme_and_skins -



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:themerex:addons:1.70.3:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "415D8A2D-344D-4A75-A834-C6C4C68ACF47",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:themerex:ozeum-museum:*:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "76F58E84-8810-4221-BC84-5B152A53529D",
              "versionEndExcluding": "1.0.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "AND"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:themerex:addons:1.70.3:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "415D8A2D-344D-4A75-A834-C6C4C68ACF47",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:themerex:chit_club-board_games:*:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "B9A00971-2A40-476B-BB49-4D0FA36DE6CA",
              "versionEndExcluding": "1.0.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "AND"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:themerex:addons:1.6.67:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "0F2EF7DE-F1C2-4245-A5EF-7BBD702B76F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:themerex:yottis-simple_portfolio:*:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "7AF13B64-D55F-4D02-9D77-95CF994AE995",
              "versionEndExcluding": "1.0.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "AND"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:themerex:addons:1.6.66:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "3661314B-3DD1-495E-9EDC-3A01725A06E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:themerex:helion-agency_\\\u0026portfolio:*:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "EE4A6B17-FB56-4BCB-A725-B8BD0A1031A2",
              "versionEndExcluding": "1.0.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "AND"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:themerex:addons:1.6.66:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "3661314B-3DD1-495E-9EDC-3A01725A06E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:themerex:amuli:*:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "CC9A01E6-7BFB-4FC7-B3AA-CC812DBEC186",
              "versionEndExcluding": "1.0.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "AND"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:themerex:addons:1.6.65:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "F96C11A5-9A64-4F0D-A9B8-308C4A06B997",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:themerex:nelson-barbershop_\\+_tattoo_salon:*:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "3A335E4B-84C4-4FC7-BD47-6D939ED5782C",
              "versionEndExcluding": "1.0.1.2001",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "AND"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:themerex:addons:1.6.65:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "F96C11A5-9A64-4F0D-A9B8-308C4A06B997",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:themerex:hallelujah-church:*:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "7700EC98-EB55-420A-B194-B394C5479827",
              "versionEndExcluding": "1.0.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "AND"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:themerex:addons:1.6.65:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "F96C11A5-9A64-4F0D-A9B8-308C4A06B997",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:themerex:right_way:*:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "150D52DF-FE9F-46CC-AA67-D0F9F9D27593",
              "versionEndExcluding": "4.0.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "AND"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:themerex:addons:1.6.65:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "F96C11A5-9A64-4F0D-A9B8-308C4A06B997",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:themerex:prider-pride_fest:*:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "79D33A86-DB23-4903-B241-8A42D290C9DF",
              "versionEndExcluding": "1.0.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "AND"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:themerex:addons:1.6.62.3:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "7ECD4BD2-C6E4-4B61-B4D1-ABB96C151153",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:themerex:mystik-esoterics:*:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "3AA23F39-84FE-43DE-80BF-9A0F5A13E630",
              "versionEndExcluding": "1.0.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "AND"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:themerex:addons:1.6.62.3:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "7ECD4BD2-C6E4-4B61-B4D1-ABB96C151153",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:themerex:skydiving_and_flying_company:*:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "87B005BC-1CBD-47C2-8D99-40F82DE0EDB3",
              "versionEndExcluding": "1.0.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "AND"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:themerex:addons:1.6.62.1:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "DDF94FB5-C3CB-4272-9382-7BD1770C454A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:themerex:dronex-aerial_photography_services:*:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "A781A3AB-613E-4FC6-A2F9-9D644261C21C",
              "versionEndExcluding": "1.1.2001",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "AND"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:themerex:addons:1.6.61.2:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "089C99E9-CB27-4A5B-B5C4-ABCF34619C97",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:themerex:samadhi-buddhist:*:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "EFE13FB9-41A3-4EAC-9E01-13300957BF87",
              "versionEndExcluding": "1.0.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "AND"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:themerex:addons:1.6.61.3:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "7AE5EF9D-ABDA-4F54-9A61-F2019C2BC859",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:themerex:tantum-rent_a_car\\,_rent_a_bike\\,_rent_a_scooter_multiskin_theme:*:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "45A34C98-9240-483F-99D0-C5FDC2AA0D3D",
              "versionEndExcluding": "1.0.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "AND"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:themerex:addons:1.6.61.2:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "089C99E9-CB27-4A5B-B5C4-ABCF34619C97",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:themerex:scientia-public_library:*:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "A3EB47EC-7629-4467-8378-A5E3FCBB853C",
              "versionEndExcluding": "1.0.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "AND"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:themerex:addons:1.6.61.2:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "089C99E9-CB27-4A5B-B5C4-ABCF34619C97",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:themerex:blabber:*:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "0B19EEE4-6E11-4AEF-804C-16277D952B39",
              "versionEndExcluding": "1.5.2009",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "AND"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:themerex:addons:1.6.61.1:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "E3EA645A-993C-42A0-A80B-F0A661D15633",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:themerex:impacto_patronus_multi-landing:*:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "6F9A55CA-206F-4A2B-B86E-243D19474DDB",
              "versionEndExcluding": "1.1.2001",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "AND"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:themerex:addons:1.6.61:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "F7C95469-9D20-4591-A0BA-C3965DD36083",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:themerex:rare_radio:*:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "8ADA9804-F197-47AD-ADEE-616E913834D7",
              "versionEndExcluding": "1.0.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "AND"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:themerex:addons:1.6.60:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "5E9E0369-067F-4186-9D5D-33CA5EC9C791",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:themerex:piqes-creative_startup_\\\u0026_agency_wordpress_theme:*:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "EE320DA3-CC76-499A-A677-F3DA87E0B986",
              "versionEndExcluding": "1.0.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "AND"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:themerex:addons:1.6.59.3:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "234568F6-471D-4B48-AEEC-503B17C86C5A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:themerex:kratz-digital_agency:*:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "23A4FDDE-F120-46F1-ABD7-B82BDAD2A492",
              "versionEndExcluding": "1.0.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "AND"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:themerex:addons:1.6.59.2:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "1DBF97DA-57D9-439B-B143-660F6A61EB5C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:themerex:pixefy:*:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "C16B1817-9FBB-4EEE-9E86-3ECDCBB8B504",
              "versionEndExcluding": "1.0.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "AND"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:themerex:addons:1.6.59.1.1:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "6A4EB921-5FCA-45A2-BFA5-9CD80618EC8A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:themerex:netmix-broadband_\\\u0026_telecom:*:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "CF93FC05-3096-4279-B2BE-8DEF99CC49ED",
              "versionEndExcluding": "1.0.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "AND"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:themerex:addons:1.6.59:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "3CB9A69F-36AF-4BC8-91B9-662F3D93289B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:themerex:kids_care:*:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "A3AC4B03-2C61-4D67-9C20-3DC523A24B48",
              "versionEndExcluding": "3.0.5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "AND"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:themerex:addons:1.6.58.2:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "9249BF20-B351-4512-9811-9266942265D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:themerex:briny-diving_wordpress_theme:*:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "4E588690-A2D2-4A98-9C8F-07CC7C9A8C4D",
              "versionEndExcluding": "1.2.2000",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "AND"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:themerex:addons:1.6.57.3:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "41F85647-F147-4AC8-B218-ECA404225F7D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:themerex:tornados:*:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "04BD29FF-6355-4DBA-9289-D55C01459EE2",
              "versionEndExcluding": "1.1.2001",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "AND"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:themerex:addons:1.6.57.4:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "1BA29CAB-0BB3-405D-A765-80AD9F96BC79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:themerex:gridiron:*:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "FBF5DC5A-2B7F-41E4-87B8-E8D7FBC86414",
              "versionEndExcluding": "1.0.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "AND"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:themerex:addons:1.6.57.2:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "0BFA7BBD-0DD9-4E6D-81E3-F97307046178",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:themerex:yungen-digital\\/marketing_agency:*:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "D708AC36-90A1-429E-B57B-5F5623FFF05D",
              "versionEndExcluding": "1.0.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "AND"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:themerex:addons:1.6.57.3:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "41F85647-F147-4AC8-B218-ECA404225F7D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:themerex:fc_united-football:*:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "D7EAE9F1-3D4B-4295-BA23-F9236B43FF34",
              "versionEndExcluding": "1.0.7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "AND"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:themerex:addons:1.6.57.2:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "0BFA7BBD-0DD9-4E6D-81E3-F97307046178",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:themerex:bugster-pests_control:*:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "2306DD6E-97D4-4138-957A-EB97FBC56575",
              "versionEndExcluding": "1.0.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "AND"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:themerex:addons:1.6.57:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "72DDDE9D-0318-4E2D-B823-5E8C131A8C6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:themerex:rumble-single_fighter_boxer\\,_news\\,_gym\\,_store:*:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "65F561FD-ABEF-4A54-8A79-36275DFF41B8",
              "versionEndExcluding": "1.0.4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "AND"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:themerex:addons:1.6.56:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "D9D8E72C-E175-4BAF-931D-08BBADCFE8C7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:themerex:tacticool-shooting_range_wordpress_theme:*:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "F5455FBD-2F66-462A-85E1-317357FC8DC1",
              "versionEndExcluding": "1.0.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "AND"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:themerex:addons:1.6.55.4:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "FF760417-7D3C-4318-A534-AD3BF2F90A34",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:themerex:coinpress-cryptocurrency_magazine_\\\u0026_blog_wordpress_theme:*:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "868125DA-4B87-44C2-92F8-312CC2012B4F",
              "versionEndExcluding": "1.0.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "AND"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:themerex:addons:1.6.55.7:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "A7114AAF-A988-4D9E-8075-B8E09D234835",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:themerex:vihara-ashram\\,_buddhist:*:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "5BD68932-E838-432F-8473-84B3F272396D",
              "versionEndExcluding": "1.1.2001",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "AND"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:themerex:addons:1.6.55.3:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "EE14B83E-CD6E-45C6-97ED-4DF9C765B8C5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:themerex:katelyn-gutenberg_wordpress_blog_theme:*:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "26CAE12E-D7BA-4670-86C2-5D8E538F3A6C",
              "versionEndExcluding": "1.0.4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "AND"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:themerex:addons:1.6.55.1:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "292EFA6F-4DDD-484E-999E-A931059A98A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:themerex:heaven_11-multiskin_property_theme:*:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "2C9477E5-0E73-49A0-9420-4EA4DD750AD5",
              "versionEndExcluding": "1.0.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "AND"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:themerex:addons:1.6.54:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "0A95FDC3-F37A-4D19-B252-1B5DCD041D4C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:themerex:especio-food_gutenberg_theme:*:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "F0E5638A-164E-482B-A19D-032F871F9914",
              "versionEndExcluding": "1.0.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "AND"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:themerex:addons:1.6.53.1:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "727050AA-319A-472A-BC47-A7C52D3D78A1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:themerex:partiso_electioncampaign:*:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "F715FE4B-1C1B-4728-9854-8C67A77B2FE4",
              "versionEndExcluding": "1.1.2002",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "AND"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:themerex:addons:1.6.53.3:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "7B8B2A0B-A18A-4F61-9E05-5B5A1E887C0A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:themerex:kargo-freight_transport:*:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "DF407634-F80B-4FF2-B496-9338319EC333",
              "versionEndExcluding": "1.1.2004",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "AND"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:themerex:addons:1.6.53.2:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "79C619F5-8F21-4D83-B480-472ABB74D78A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:themerex:maxify-startup_blog:*:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "152E3D37-488D-40EF-8650-55EB0E55D266",
              "versionEndExcluding": "1.0.4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "AND"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:themerex:addons:1.6.53.1:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "727050AA-319A-472A-BC47-A7C52D3D78A1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:themerex:lingvico-language_learning_school:*:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "F3E948CD-78E2-45C0-87D1-9912FE3295D2",
              "versionEndExcluding": "1.0.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "AND"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:themerex:addons:1.6.53.2:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "79C619F5-8F21-4D83-B480-472ABB74D78A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:themerex:aldo-gutenberg_wordpress_blog_theme:*:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "526A096A-DDC6-4BB7-87D4-C30946D5956E",
              "versionEndExcluding": "1.0.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "AND"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:themerex:addons:1.6.52.2:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "4E05F3AE-0D09-47DF-ACC2-58E656E87FCA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:themerex:vixus-startup_\\/_mobile_application:*:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "F6431FAE-D3F2-4F0B-8E2E-B3AF958F589F",
              "versionEndExcluding": "1.0.4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "AND"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:themerex:addons:1.6.52.1:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "832709EC-9F72-425E-A091-4BA3B30D44FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:themerex:wellspring_water_filter_systems:*:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "4E370374-4060-459A-905B-55D9A01E7660",
              "versionEndExcluding": "1.0.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "AND"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:themerex:addons:1.6.52.1:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "832709EC-9F72-425E-A091-4BA3B30D44FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:themerex:nazareth-church:*:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "4F6E1F20-427A-4D01-800B-96F64092E968",
              "versionEndExcluding": "1.0.5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "AND"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:themerex:addons:1.6.53:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "ED35A9AC-DDEC-49A9-9154-EB9C13B3BC4C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:themerex:tediss-soft_play_area\\,_cafe_\\\u0026_child_care_center:*:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "B097B9AD-C06D-474C-BB71-6F3CC6F3EC2F",
              "versionEndExcluding": "1.0.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "AND"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:themerex:addons:1.6.51.3:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "B06D0160-ADC8-4AE7-B35C-64862D850964",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:themerex:yolox-startup_magazine_\\\u0026_blog_wordpress_theme:*:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "868BCA71-CCC3-4617-9747-ACC6E3240E00",
              "versionEndExcluding": "1.0.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "AND"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:themerex:addons:1.6.51.3:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "B06D0160-ADC8-4AE7-B35C-64862D850964",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:themerex:meals_and_wheels-food_truck:*:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "D386062B-F308-4ED0-A30C-0B86F57DC623",
              "versionEndExcluding": "1.0.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "AND"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:themerex:addons:1.6.51.1:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "CD6FABBE-A686-4EE2-AFAE-7D78CF3B4064",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:themerex:rosalinda-vegetarian_\\\u0026_health_coach:*:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "5D92C6CD-B6D7-4782-8B43-7856CF11D04F",
              "versionEndExcluding": "1.0.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "AND"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:themerex:addons:1.6.50:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "A40C76BD-DD5E-4546-8D8E-1496069C0B38",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:themerex:vapester:*:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "23E53397-A8CB-480F-AE32-2D2092B7E382",
              "versionEndExcluding": "1.1.2001",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "AND"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:themerex:addons:1.6.50:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "A40C76BD-DD5E-4546-8D8E-1496069C0B38",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:themerex:modern_housewife-housewife_and_family_blog:*:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "78687932-3E1F-4C47-96BA-E0BF25FBFACD",
              "versionEndExcluding": "1.0.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "AND"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:themerex:addons:1.6.50.1:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "1B364A8C-228A-44A4-80B1-8E471C06493B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:themerex:chainpress:*:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "F44C865E-FC06-4CFA-848E-80CA3C3A1987",
              "versionEndExcluding": "1.0.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "AND"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:themerex:addons:1.6.51.1:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "CD6FABBE-A686-4EE2-AFAE-7D78CF3B4064",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:themerex:justitia-multiskin_lawyer_theme:*:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "1F431DFE-C643-4CDA-89D6-25BBBA91491C",
              "versionEndExcluding": "1.0.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "AND"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:themerex:addons:1.6.50:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "A40C76BD-DD5E-4546-8D8E-1496069C0B38",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:themerex:hobo_digital_nomad_blog:*:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "4D25045C-BDF8-4A5C-96A3-7F45CD4A1CDF",
              "versionEndExcluding": "1.0.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "AND"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:themerex:addons:1.6.50.1:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "1B364A8C-228A-44A4-80B1-8E471C06493B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:themerex:rhodos-creative_corporate_wordpress_theme:*:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "0D8858EB-787E-45D1-B1C2-5D023840BCCA",
              "versionEndExcluding": "1.3.2001",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "AND"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:themerex:addons:1.6.50:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "A40C76BD-DD5E-4546-8D8E-1496069C0B38",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:themerex:buzz_stone-magazine_\\\u0026_blog:*:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "A18D53D3-1D92-43A8-AB72-0C971C6A8C51",
              "versionEndExcluding": "1.0.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "AND"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:themerex:addons:1.0.49.10:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "F7EDB5DE-C5E5-4C68-A83C-EF7C6C630163",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:themerex:corredo_sport_event:*:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "431FFDA6-254A-4387-9894-CCC5AFA9D573",
              "versionEndExcluding": "1.1.2003",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "AND"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:themerex:addons:1.6.49.8:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "533F071F-26BB-4978-91E3-97FECD4EECDE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:themerex:savejulia_personal_fundraising_campaign:*:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "7159FD8E-6E68-4FC7-AA46-31205226DE0C",
              "versionEndExcluding": "1.0.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "AND"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:themerex:addons:1.6.49.6:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "310CFAEA-F13F-4B15-8E9A-13AE7CFFEA58",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:themerex:bonkozoo_zoo:*:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "DAA36195-F528-4F08-A0A5-A87C6BD9995A",
              "versionEndExcluding": "1.0.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "AND"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:themerex:addons:1.6.49.6.2:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "43002470-1B51-44AB-A07E-F7796443987B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:themerex:renewal-plastic_surgeon_clinic:*:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "B206FC3A-C47F-4D83-8848-28A1E376AC46",
              "versionEndExcluding": "1.0.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "AND"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:themerex:addons:1.6.49.5:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "D608B893-4F2D-4828-91F8-2E4B597A3C04",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:themerex:gloss_blog:*:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "8A379218-18C2-4F3D-912B-5999628796AA",
              "versionEndExcluding": "1.0.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "AND"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:themerex:addons:1.6.58.2:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "9249BF20-B351-4512-9811-9266942265D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:themerex:plumbing-repair\\,_building_\\\u0026_construction_wordpress_theme:*:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "469075B3-560A-4EFD-8B81-62A6FFBC5853",
              "versionEndExcluding": "3.0.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "AND"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:themerex:addons:1.6.61.2:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "089C99E9-CB27-4A5B-B5C4-ABCF34619C97",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:themerex:topper_theme_and_skins:-:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "4ED89805-5F82-40BA-B669-7416602E5938",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "AND"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The ThemeREX Addons plugin before 2020-03-09 for WordPress lacks access control on the /trx_addons/v2/get/sc_layout REST API endpoint, allowing for PHP functions to be executed by any users, because includes/plugin.rest-api.php calls trx_addons_rest_get_sc_layout with an unsafe sc parameter."
    },
    {
      "lang": "es",
      "value": "El plugin ThemeREX Addons antes del 09-03-2020 para WordPress, presenta una falta de control de acceso en el endpoint de la API REST /trx_addons/v2/get/sc_layout, permitiendo que funciones PHP sean ejecutadas por cualquier usuario, porque el archivo includes/plugin.rest-api.php llama a la funci\u00f3n trx_addons_rest_get_sc_layout con un par\u00e1metro sc no seguro."
    }
  ],
  "id": "CVE-2020-10257",
  "lastModified": "2024-11-21T04:55:05.053",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "cve@mitre.org",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-03-10T00:15:10.757",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://www.wordfence.com/blog/2020/03/zero-day-vulnerability-in-themerex-addons-now-patched/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://www.wordfence.com/blog/2020/03/zero-day-vulnerability-in-themerex-addons-now-patched/"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-94"
        },
        {
          "lang": "en",
          "value": "CWE-862"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}



Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

