CVE-2020-10257

The ThemeREX Addons plugin before 2020-03-09 for WordPress lacks access control on the /trx_addons/v2/get/sc_layout REST API endpoint, allowing for PHP functions to be executed by any users, because includes/plugin.rest-api.php calls trx_addons_rest_get_sc_layout with an unsafe sc parameter.

CVSS v3 9.8 CRITICAL
CVSS v2.0 7.5 HIGH

9.8^/10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

7.5^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://www.wordfence.com/blog/2020/03/zero-day-vulnerability-in-themerex-addons-now-patched/	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:themerex:addons:1.70.3:::::wordpress::
	cpe:2.3:a:themerex:ozeum-museum::::::wordpress::*

Configuration 2 (hide)

OR	cpe:2.3:a:themerex:addons:1.70.3:::::wordpress::
	cpe:2.3:a:themerex:chit_club-board_games::::::wordpress::*

Configuration 3 (hide)

OR	cpe:2.3:a:themerex:addons:1.6.67:::::wordpress::
	cpe:2.3:a:themerex:yottis-simple_portfolio::::::wordpress::*

Configuration 4 (hide)

OR	cpe:2.3:a:themerex:addons:1.6.66:::::wordpress::
	cpe:2.3:a:themerex:helion-agency_\&portfolio::::::wordpress::*

Configuration 5 (hide)

OR	cpe:2.3:a:themerex:addons:1.6.66:::::wordpress::
	cpe:2.3:a:themerex:amuli::::::wordpress::*

Configuration 6 (hide)

OR	cpe:2.3:a:themerex:addons:1.6.65:::::wordpress::
	cpe:2.3:a:themerex:nelson-barbershop_\+_tattoo_salon::::::wordpress::*

Configuration 7 (hide)

OR	cpe:2.3:a:themerex:addons:1.6.65:::::wordpress::
	cpe:2.3:a:themerex:hallelujah-church::::::wordpress::*

Configuration 8 (hide)

OR	cpe:2.3:a:themerex:addons:1.6.65:::::wordpress::
	cpe:2.3:a:themerex:right_way::::::wordpress::*

Configuration 9 (hide)

OR	cpe:2.3:a:themerex:addons:1.6.65:::::wordpress::
	cpe:2.3:a:themerex:prider-pride_fest::::::wordpress::*

Configuration 10 (hide)

OR	cpe:2.3:a:themerex:addons:1.6.62.3:::::wordpress::
	cpe:2.3:a:themerex:mystik-esoterics::::::wordpress::*

Configuration 11 (hide)

OR	cpe:2.3:a:themerex:addons:1.6.62.3:::::wordpress::
	cpe:2.3:a:themerex:skydiving_and_flying_company::::::wordpress::*

Configuration 12 (hide)

OR	cpe:2.3:a:themerex:addons:1.6.62.1:::::wordpress::
	cpe:2.3:a:themerex:dronex-aerial_photography_services::::::wordpress::*

Configuration 13 (hide)

OR	cpe:2.3:a:themerex:addons:1.6.61.2:::::wordpress::
	cpe:2.3:a:themerex:samadhi-buddhist::::::wordpress::*

Configuration 14 (hide)

OR	cpe:2.3:a:themerex:addons:1.6.61.3:::::wordpress::
	cpe:2.3:a:themerex:tantum-rent_a_car\,_rent_a_bike\,_rent_a_scooter_multiskin_theme::::::wordpress::*

Configuration 15 (hide)

OR	cpe:2.3:a:themerex:addons:1.6.61.2:::::wordpress::
	cpe:2.3:a:themerex:scientia-public_library::::::wordpress::*

Configuration 16 (hide)

OR	cpe:2.3:a:themerex:addons:1.6.61.2:::::wordpress::
	cpe:2.3:a:themerex:blabber::::::wordpress::*

Configuration 17 (hide)

OR	cpe:2.3:a:themerex:addons:1.6.61.1:::::wordpress::
	cpe:2.3:a:themerex:impacto_patronus_multi-landing::::::wordpress::*

Configuration 18 (hide)

OR	cpe:2.3:a:themerex:addons:1.6.61:::::wordpress::
	cpe:2.3:a:themerex:rare_radio::::::wordpress::*

Configuration 19 (hide)

OR	cpe:2.3:a:themerex:addons:1.6.60:::::wordpress::
	cpe:2.3:a:themerex:piqes-creative_startup_\&_agency_wordpress_theme::::::wordpress::*

Configuration 20 (hide)

OR	cpe:2.3:a:themerex:addons:1.6.59.3:::::wordpress::
	cpe:2.3:a:themerex:kratz-digital_agency::::::wordpress::*

Configuration 21 (hide)

OR	cpe:2.3:a:themerex:addons:1.6.59.2:::::wordpress::
	cpe:2.3:a:themerex:pixefy::::::wordpress::*

Configuration 22 (hide)

OR	cpe:2.3:a:themerex:addons:1.6.59.1.1:::::wordpress::
	cpe:2.3:a:themerex:netmix-broadband_\&_telecom::::::wordpress::*

Configuration 23 (hide)

OR	cpe:2.3:a:themerex:addons:1.6.59:::::wordpress::
	cpe:2.3:a:themerex:kids_care::::::wordpress::*

Configuration 24 (hide)

OR	cpe:2.3:a:themerex:addons:1.6.58.2:::::wordpress::
	cpe:2.3:a:themerex:briny-diving_wordpress_theme::::::wordpress::*

Configuration 25 (hide)

OR	cpe:2.3:a:themerex:addons:1.6.57.3:::::wordpress::
	cpe:2.3:a:themerex:tornados::::::wordpress::*

Configuration 26 (hide)

OR	cpe:2.3:a:themerex:addons:1.6.57.4:::::wordpress::
	cpe:2.3:a:themerex:gridiron::::::wordpress::*

Configuration 27 (hide)

OR	cpe:2.3:a:themerex:addons:1.6.57.2:::::wordpress::
	cpe:2.3:a:themerex:yungen-digital\/marketing_agency::::::wordpress::*

Configuration 28 (hide)

OR	cpe:2.3:a:themerex:addons:1.6.57.3:::::wordpress::
	cpe:2.3:a:themerex:fc_united-football::::::wordpress::*

Configuration 29 (hide)

OR	cpe:2.3:a:themerex:addons:1.6.57.2:::::wordpress::
	cpe:2.3:a:themerex:bugster-pests_control::::::wordpress::*

Configuration 30 (hide)

OR	cpe:2.3:a:themerex:addons:1.6.57:::::wordpress::
	cpe:2.3:a:themerex:rumble-single_fighter_boxer\,_news\,_gym\,_store::::::wordpress::*

Configuration 31 (hide)

OR	cpe:2.3:a:themerex:addons:1.6.56:::::wordpress::
	cpe:2.3:a:themerex:tacticool-shooting_range_wordpress_theme::::::wordpress::*

Configuration 32 (hide)

OR	cpe:2.3:a:themerex:addons:1.6.55.4:::::wordpress::
	cpe:2.3:a:themerex:coinpress-cryptocurrency_magazine_\&_blog_wordpress_theme::::::wordpress::*

Configuration 33 (hide)

OR	cpe:2.3:a:themerex:addons:1.6.55.7:::::wordpress::
	cpe:2.3:a:themerex:vihara-ashram\,_buddhist::::::wordpress::*

Configuration 34 (hide)

OR	cpe:2.3:a:themerex:addons:1.6.55.3:::::wordpress::
	cpe:2.3:a:themerex:katelyn-gutenberg_wordpress_blog_theme::::::wordpress::*

Configuration 35 (hide)

OR	cpe:2.3:a:themerex:addons:1.6.55.1:::::wordpress::
	cpe:2.3:a:themerex:heaven_11-multiskin_property_theme::::::wordpress::*

Configuration 36 (hide)

OR	cpe:2.3:a:themerex:addons:1.6.54:::::wordpress::
	cpe:2.3:a:themerex:especio-food_gutenberg_theme::::::wordpress::*

Configuration 37 (hide)

OR	cpe:2.3:a:themerex:addons:1.6.53.1:::::wordpress::
	cpe:2.3:a:themerex:partiso_electioncampaign::::::wordpress::*

Configuration 38 (hide)

OR	cpe:2.3:a:themerex:addons:1.6.53.3:::::wordpress::
	cpe:2.3:a:themerex:kargo-freight_transport::::::wordpress::*

Configuration 39 (hide)

OR	cpe:2.3:a:themerex:addons:1.6.53.2:::::wordpress::
	cpe:2.3:a:themerex:maxify-startup_blog::::::wordpress::*

Configuration 40 (hide)

OR	cpe:2.3:a:themerex:addons:1.6.53.1:::::wordpress::
	cpe:2.3:a:themerex:lingvico-language_learning_school::::::wordpress::*

Configuration 41 (hide)

OR	cpe:2.3:a:themerex:addons:1.6.53.2:::::wordpress::
	cpe:2.3:a:themerex:aldo-gutenberg_wordpress_blog_theme::::::wordpress::*

Configuration 42 (hide)

OR	cpe:2.3:a:themerex:addons:1.6.52.2:::::wordpress::
	cpe:2.3:a:themerex:vixus-startup_\/_mobile_application::::::wordpress::*

Configuration 43 (hide)

OR	cpe:2.3:a:themerex:addons:1.6.52.1:::::wordpress::
	cpe:2.3:a:themerex:wellspring_water_filter_systems::::::wordpress::*

Configuration 44 (hide)

OR	cpe:2.3:a:themerex:addons:1.6.52.1:::::wordpress::
	cpe:2.3:a:themerex:nazareth-church::::::wordpress::*

Configuration 45 (hide)

OR	cpe:2.3:a:themerex:addons:1.6.53:::::wordpress::
	cpe:2.3:a:themerex:tediss-soft_play_area\,_cafe_\&_child_care_center::::::wordpress::*

Configuration 46 (hide)

OR	cpe:2.3:a:themerex:addons:1.6.51.3:::::wordpress::
	cpe:2.3:a:themerex:yolox-startup_magazine_\&_blog_wordpress_theme::::::wordpress::*

Configuration 47 (hide)

OR	cpe:2.3:a:themerex:addons:1.6.51.3:::::wordpress::
	cpe:2.3:a:themerex:meals_and_wheels-food_truck::::::wordpress::*

Configuration 48 (hide)

OR	cpe:2.3:a:themerex:addons:1.6.51.1:::::wordpress::
	cpe:2.3:a:themerex:rosalinda-vegetarian_\&_health_coach::::::wordpress::*

Configuration 49 (hide)

OR	cpe:2.3:a:themerex:addons:1.6.50:::::wordpress::
	cpe:2.3:a:themerex:vapester::::::wordpress::*

Configuration 50 (hide)

OR	cpe:2.3:a:themerex:addons:1.6.50:::::wordpress::
	cpe:2.3:a:themerex:modern_housewife-housewife_and_family_blog::::::wordpress::*

Configuration 51 (hide)

OR	cpe:2.3:a:themerex:addons:1.6.50.1:::::wordpress::
	cpe:2.3:a:themerex:chainpress::::::wordpress::*

Configuration 52 (hide)

OR	cpe:2.3:a:themerex:addons:1.6.51.1:::::wordpress::
	cpe:2.3:a:themerex:justitia-multiskin_lawyer_theme::::::wordpress::*

Configuration 53 (hide)

OR	cpe:2.3:a:themerex:addons:1.6.50:::::wordpress::
	cpe:2.3:a:themerex:hobo_digital_nomad_blog::::::wordpress::*

Configuration 54 (hide)

OR	cpe:2.3:a:themerex:addons:1.6.50.1:::::wordpress::
	cpe:2.3:a:themerex:rhodos-creative_corporate_wordpress_theme::::::wordpress::*

Configuration 55 (hide)

OR	cpe:2.3:a:themerex:addons:1.6.50:::::wordpress::
	cpe:2.3:a:themerex:buzz_stone-magazine_\&_blog::::::wordpress::*

Configuration 56 (hide)

OR	cpe:2.3:a:themerex:addons:1.0.49.10:::::wordpress::
	cpe:2.3:a:themerex:corredo_sport_event::::::wordpress::*

Configuration 57 (hide)

OR	cpe:2.3:a:themerex:addons:1.6.49.8:::::wordpress::
	cpe:2.3:a:themerex:savejulia_personal_fundraising_campaign::::::wordpress::*

Configuration 58 (hide)

OR	cpe:2.3:a:themerex:addons:1.6.49.6:::::wordpress::
	cpe:2.3:a:themerex:bonkozoo_zoo::::::wordpress::*

Configuration 59 (hide)

OR	cpe:2.3:a:themerex:addons:1.6.49.6.2:::::wordpress::
	cpe:2.3:a:themerex:renewal-plastic_surgeon_clinic::::::wordpress::*

Configuration 60 (hide)

OR	cpe:2.3:a:themerex:addons:1.6.49.5:::::wordpress::
	cpe:2.3:a:themerex:gloss_blog::::::wordpress::*

Configuration 61 (hide)

OR	cpe:2.3:a:themerex:addons:1.6.58.2:::::wordpress::
	cpe:2.3:a:themerex:plumbing-repair\,_building_\&_construction_wordpress_theme::::::wordpress::*

Configuration 62 (hide)

OR	cpe:2.3:a:themerex:addons:1.6.61.2:::::wordpress::
	cpe:2.3:a:themerex:topper_theme_and_skins:-:::::wordpress::

History

No history.

Information

Published : 2020-03-10 00:15

Updated : 2024-02-28 17:28

NVD link : CVE-2020-10257

Mitre link : CVE-2020-10257

CVE.ORG link : CVE-2020-10257

JSON object : View

Products Affected

themerex

fc_united-football
savejulia_personal_fundraising_campaign
nazareth-church
netmix-broadband_\&_telecom
hallelujah-church
vihara-ashram\,_buddhist
yolox-startup_magazine_\&_blog_wordpress_theme
maxify-startup_blog
yottis-simple_portfolio
skydiving_and_flying_company
meals_and_wheels-food_truck
dronex-aerial_photography_services
plumbing-repair\,_building_\&_construction_wordpress_theme
briny-diving_wordpress_theme
tediss-soft_play_area\,_cafe_\&_child_care_center
scientia-public_library
modern_housewife-housewife_and_family_blog
rosalinda-vegetarian_\&_health_coach
chainpress
addons
mystik-esoterics
rare_radio
impacto_patronus_multi-landing
prider-pride_fest
corredo_sport_event
tantum-rent_a_car\,_rent_a_bike\,_rent_a_scooter_multiskin_theme
right_way
partiso_electioncampaign
samadhi-buddhist
piqes-creative_startup_\&_agency_wordpress_theme
especio-food_gutenberg_theme
lingvico-language_learning_school
justitia-multiskin_lawyer_theme
yungen-digital\/marketing_agency
nelson-barbershop_\+_tattoo_salon
bugster-pests_control
tornados
rumble-single_fighter_boxer\,_news\,_gym\,_store
tacticool-shooting_range_wordpress_theme
heaven_11-multiskin_property_theme
ozeum-museum
aldo-gutenberg_wordpress_blog_theme
wellspring_water_filter_systems
gloss_blog
rhodos-creative_corporate_wordpress_theme
helion-agency_\&portfolio
vapester
hobo_digital_nomad_blog
buzz_stone-magazine_\&_blog
kargo-freight_transport
chit_club-board_games
pixefy
gridiron
bonkozoo_zoo
kids_care
amuli
kratz-digital_agency
vixus-startup_\/_mobile_application
topper_theme_and_skins
coinpress-cryptocurrency_magazine_\&_blog_wordpress_theme
renewal-plastic_surgeon_clinic
blabber
katelyn-gutenberg_wordpress_blog_theme

CWE

CWE-862

Missing Authorization

CWE-94

Improper Control of Generation of Code ('Code Injection')

9.8 /10