PT-2026-27060 · WordPress · Trx Addons
Erwan Lr
·
Published
2026-03-23
·
Updated
2026-03-24
·
CVE-2026-1969
CVSS v3.1
5.3
Medium
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
trx addons WordPress plugin versions prior to 2.38.5
Description
The software does not properly validate file types during an AJAX action, potentially allowing unauthenticated users to upload arbitrary files. This is related to a previous fix attempt.
Recommendations
Update to version 2.38.5 or later.
Exploit
Fix
Unrestricted File Upload
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Trx Addons