
CVSS: 9.8 • EPSS: 1% • CPEs: 124 • EXPL: 1

09 Mar 2020 — The ThemeREX Addons plugin before 2020-03-09 for WordPress lacks access control on the /trx_addons/v2/get/sc_layout REST API endpoint, allowing PHP functions to be executed by any user, because includes/plugin.rest-api.php calls trx_addons_rest_get_sc_layout with an unsafe sc parameter. • https://www.wordfence.com/blog/2020/03/zero-day-vulnerability-in-themerex-addons-now-patched • CWE-94: Improper Control of Generation of Code ('Code Injection') • CWE-862: Missing Authorization