PT-2020-12010 · Themerex · Themerex Addons

Arne Breitsprecher

Published

2020-03-09

Updated

2021-07-21

CVE-2020-10257

CVSS v3.1

9.8

Critical

Vector

AC:L/AV:N/A:H/C:H/I:H/PR:N/S:U/UI:N

Name of the Vulnerable Software and Affected Versions ThemeREX Addons plugin versions prior to 2020-03-09

Description The issue concerns a lack of access control on the "/trx addons/v2/get/sc layout" API endpoint, allowing any user to execute PHP functions. This is due to the trx addons rest get sc layout function being called with an unsafe sc parameter in the includes/plugin.rest-api.php file.

Recommendations For ThemeREX Addons plugin versions prior to 2020-03-09, update to a version released after 2020-03-09 to resolve the issue. As a temporary workaround, consider restricting access to the "/trx addons/v2/get/sc layout" API endpoint to minimize the risk of exploitation.

Exploit

Fix

Code Injection

Missing Authorization

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-94CWE-862

Related Identifiers

CVE-2020-10257

Affected Products

Themerex Addons

PT-2020-12010 · Themerex · Themerex Addons

CVE-2020-10257

Weakness Enumeration

Related Identifiers

Affected Products

References · 3