cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-13448,https://securityvulnerability.io/vulnerability/CVE-2024-13448,Arbitrary File Upload Vulnerability in ThemeREX Addons Plugin for WordPress,"The ThemeREX Addons plugin for WordPress has a security flaw that allows for arbitrary file uploads due to insufficient file type validation in the 'trx_addons_uploads_save_data' function. This vulnerability affects all versions up to and including 2.32.3 and opens the door for unauthenticated attackers to potentially upload malicious files to the server of an affected site. Such an exploit can lead to serious security breaches, including remote code execution, putting user data and website integrity at risk.",WordPress,Themerex Addons,9.8,CRITICAL,0.000910000002477318,false,,false,false,false,false,false,false,2025-01-28T06:38:41.703Z,0
CVE-2025-0682,https://securityvulnerability.io/vulnerability/CVE-2025-0682,Local File Inclusion Vulnerability in ThemeREX Addons Plugin for WordPress,"The ThemeREX Addons plugin for WordPress suffers from a Local File Inclusion vulnerability that impacts all versions up to and including 2.33.0. This issue arises through the 'trx_sc_reviews' shortcode where the 'type' attribute can be manipulated by authenticated attackers with contributor-level permissions or higher. This manipulation allows attackers to include and execute arbitrary files on the web server, potentially leading to unauthorized access, exposure of sensitive information, and execution of arbitrary PHP code. As a result, effective access controls can be bypassed, posing significant risks to the integrity and security of affected WordPress installations.",Wordpress,Themerex Addons,8.8,HIGH,0.0005000000237487257,false,,false,false,false,false,false,false,2025-01-25T05:30:06.255Z,0