History: Mar 10, 2020 - 12:15 a.m.

CVE-2020-10257
2020-03-10 00:15:10
CWE: CWE-94, CWE-862
Source: web.nvd.nist.gov
Tags: cve-2020-10257, themerex addons, wordpress, security, access control, rest api, php functions, vulnerability

CVSS2: 7.5 High
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3: 9.8 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score: 9.4 High (Confidence: High)

EPSS: 0.101 Low (Percentile: 95.0%)

The ThemeREX Addons plugin before 2020-03-09 for WordPress lacks access control on the /trx_addons/v2/get/sc_layout REST API endpoint, allowing for PHP functions to be executed by any users, because includes/plugin.rest-api.php calls trx_addons_rest_get_sc_layout with an unsafe sc parameter.

Affected configurations (NVD)

Each node pairs an exact ThemeREX Addons version ("=") with a ThemeREX theme whose version is below the stated bound ("<"); all products target wordpress. Product names are given exactly as in the NVD CPE data, including its backslash escapes.

Node 1:  themerex:addons = 1.70.3 (wordpress)
         AND themerex:ozeum-museum < 1.0.2 (wordpress)
Node 2:  themerex:addons = 1.70.3 (wordpress)
         AND themerex:chit_club-board_games < 1.0.1 (wordpress)
Node 3:  themerex:addons = 1.6.67 (wordpress)
         AND themerex:yottis-simple_portfolio < 1.0.1 (wordpress)
Node 4:  themerex:addons = 1.6.66 (wordpress)
         AND themerex:helion-agency_\&portfolio < 1.0.3 (wordpress)
Node 5:  themerex:addons = 1.6.66 (wordpress)
         AND themerex:amuli < 1.0.2 (wordpress)
Node 6:  themerex:addons = 1.6.65 (wordpress)
         AND themerex:nelson-barbershop_\+_tattoo_salon < 1.0.1.2001 (wordpress)
Node 7:  themerex:addons = 1.6.65 (wordpress)
         AND themerex:hallelujah-church < 1.0.1 (wordpress)
Node 8:  themerex:addons = 1.6.65 (wordpress)
         AND themerex:right_way < 4.0.1 (wordpress)
Node 9:  themerex:addons = 1.6.65 (wordpress)
         AND themerex:prider-pride_fest < 1.0.2 (wordpress)
Node 10: themerex:addons = 1.6.62.3 (wordpress)
         AND themerex:mystik-esoterics < 1.0.1 (wordpress)
Node 11: themerex:addons = 1.6.62.3 (wordpress)
         AND themerex:skydiving_and_flying_company < 1.0.1 (wordpress)
Node 12: themerex:addons = 1.6.62.1 (wordpress)
         AND themerex:dronex-aerial_photography_services < 1.1.2001 (wordpress)
Node 13: themerex:addons = 1.6.61.2 (wordpress)
         AND themerex:samadhi-buddhist < 1.0.1 (wordpress)
Node 14: themerex:addons = 1.6.61.3 (wordpress)
         AND themerex:tantum-rent_a_car\,_rent_a_bike\,_rent_a_scooter_multiskin_theme < 1.0.2 (wordpress)
Node 15: themerex:addons = 1.6.61.2 (wordpress)
         AND themerex:scientia-public_library < 1.0.1 (wordpress)
Node 16: themerex:addons = 1.6.61.2 (wordpress)
         AND themerex:blabber < 1.5.2009 (wordpress)
Node 17: themerex:addons = 1.6.61.1 (wordpress)
         AND themerex:impacto_patronus_multi-landing < 1.1.2001 (wordpress)
Node 18: themerex:addons = 1.6.61 (wordpress)
         AND themerex:rare_radio < 1.0.1 (wordpress)
Node 19: themerex:addons = 1.6.60 (wordpress)
         AND themerex:piqes-creative_startup_\&_agency_wordpress_theme < 1.0.1 (wordpress)
Node 20: themerex:addons = 1.6.59.3 (wordpress)
         AND themerex:kratz-digital_agency < 1.0.2 (wordpress)
Node 21: themerex:addons = 1.6.59.2 (wordpress)
         AND themerex:pixefy < 1.0.1 (wordpress)
Node 22: themerex:addons = 1.6.59.1.1 (wordpress)
         AND themerex:netmix-broadband_\&_telecom < 1.0.2 (wordpress)
Node 23: themerex:addons = 1.6.59 (wordpress)
         AND themerex:kids_care < 3.0.5 (wordpress)
Node 24: themerex:addons = 1.6.58.2 (wordpress)
         AND themerex:briny-diving_wordpress_theme < 1.2.2000 (wordpress)
Node 25: themerex:addons = 1.6.57.3 (wordpress)
         AND themerex:tornados < 1.1.2001 (wordpress)
Node 26: themerex:addons = 1.6.57.4 (wordpress)
         AND themerex:gridiron < 1.0.2 (wordpress)
Node 27: themerex:addons = 1.6.57.2 (wordpress)
         AND themerex:yungen-digital\/marketing_agency < 1.0.1 (wordpress)
Node 28: themerex:addons = 1.6.57.3 (wordpress)
         AND themerex:fc_united-football < 1.0.7 (wordpress)
Node 29: themerex:addons = 1.6.57.2 (wordpress)
         AND themerex:bugster-pests_control < 1.0.2 (wordpress)
Node 30: themerex:addons = 1.6.57 (wordpress)
         AND themerex:rumble-single_fighter_boxer\,_news\,_gym\,_store < 1.0.4 (wordpress)
Node 31: themerex:addons = 1.6.56 (wordpress)
         AND themerex:tacticool-shooting_range_wordpress_theme < 1.0.1 (wordpress)
Node 32: themerex:addons = 1.6.55.4 (wordpress)
         AND themerex:coinpress-cryptocurrency_magazine_\&_blog_wordpress_theme < 1.0.2 (wordpress)
Node 33: themerex:addons = 1.6.55.7 (wordpress)
         AND themerex:vihara-ashram\,_buddhist < 1.1.2001 (wordpress)
Node 34: themerex:addons = 1.6.55.3 (wordpress)
         AND themerex:katelyn-gutenberg_wordpress_blog_theme < 1.0.4 (wordpress)
Node 35: themerex:addons = 1.6.55.1 (wordpress)
         AND themerex:heaven_11-multiskin_property_theme < 1.0.2 (wordpress)
Node 36: themerex:addons = 1.6.54 (wordpress)
         AND themerex:especio-food_gutenberg_theme < 1.0.1 (wordpress)
Node 37: themerex:addons = 1.6.53.1 (wordpress)
         AND themerex:partiso_electioncampaign < 1.1.2002 (wordpress)
Node 38: themerex:addons = 1.6.53.3 (wordpress)
         AND themerex:kargo-freight_transport < 1.1.2004 (wordpress)
Node 39: themerex:addons = 1.6.53.2 (wordpress)
         AND themerex:maxify-startup_blog < 1.0.4 (wordpress)
Node 40: themerex:addons = 1.6.53.1 (wordpress)
         AND themerex:lingvico-language_learning_school < 1.0.3 (wordpress)
Node 41: themerex:addons = 1.6.53.2 (wordpress)
         AND themerex:aldo-gutenberg_wordpress_blog_theme < 1.0.2 (wordpress)
Node 42: themerex:addons = 1.6.52.2 (wordpress)
         AND themerex:vixus-startup_\/_mobile_application < 1.0.4 (wordpress)
Node 43: themerex:addons = 1.6.52.1 (wordpress)
         AND themerex:wellspring_water_filter_systems < 1.0.3 (wordpress)
Node 44: themerex:addons = 1.6.52.1 (wordpress)
         AND themerex:nazareth-church < 1.0.5 (wordpress)
Node 45: themerex:addons = 1.6.53 (wordpress)
         AND themerex:tediss-soft_play_area\,_cafe_\&_child_care_center < 1.0.3 (wordpress)
Node 46: themerex:addons = 1.6.51.3 (wordpress)
         AND themerex:yolox-startup_magazine_\&_blog_wordpress_theme < 1.0.3 (wordpress)
Node 47: themerex:addons = 1.6.51.3 (wordpress)
         AND themerex:meals_and_wheels-food_truck < 1.0.3 (wordpress)
Node 48: themerex:addons = 1.6.51.1 (wordpress)
         AND themerex:rosalinda-vegetarian_\&_health_coach < 1.0.3 (wordpress)
Node 49: themerex:addons = 1.6.50 (wordpress)
         AND themerex:vapester < 1.1.2001 (wordpress)
Node 50: themerex:addons = 1.6.50 (wordpress)
         AND themerex:modern_housewife-housewife_and_family_blog < 1.0.2 (wordpress)
Node 51: themerex:addons = 1.6.50.1 (wordpress)
         AND themerex:chainpress < 1.0.3 (wordpress)
Node 52: themerex:addons = 1.6.51.1 (wordpress)
         AND themerex:justitia-multiskin_lawyer_theme < 1.0.3 (wordpress)
Node 53: themerex:addons = 1.6.50 (wordpress)
         AND themerex:hobo_digital_nomad_blog < 1.0.3 (wordpress)
Node 54: themerex:addons = 1.6.50.1 (wordpress)
         AND themerex:rhodos-creative_corporate_wordpress_theme < 1.3.2001 (wordpress)
Node 55: themerex:addons = 1.6.50 (wordpress)
         AND themerex:buzz_stone-magazine_\&_blog < 1.0.3 (wordpress)
Node 56: themerex:addons = 1.0.49.10 (wordpress)
         AND themerex:corredo_sport_event < 1.1.2003 (wordpress)
Node 57: themerex:addons = 1.6.49.8 (wordpress)
         AND themerex:savejulia_personal_fundraising_campaign < 1.0.3 (wordpress)
Node 58: themerex:addons = 1.6.49.6 (wordpress)
         AND themerex:bonkozoo_zoo < 1.0.3 (wordpress)
Node 59: themerex:addons = 1.6.49.6.2 (wordpress)
         AND themerex:renewal-plastic_surgeon_clinic < 1.0.3 (wordpress)
Node 60: themerex:addons = 1.6.49.5 (wordpress)
         AND themerex:gloss_blog < 1.0.1 (wordpress)
Node 61: themerex:addons = 1.6.58.2 (wordpress)
         AND themerex:plumbing-repair\,_building_\&_construction_wordpress_theme < 3.0.1 (wordpress)
Node 62: themerex:addons = 1.6.61.2 (wordpress)
         AND themerex:topper_theme_and_skins = - (any version, wordpress)
