Your review has been sent successfully

ThemeREX Addons Plugin (WordPress) Alert

498
Classification
These posts contain security alerts, including digital loopholes, electronic attacks, technical updates, and they are classified base on the level of severity.

Critical

High

Medium

Low

Warning Date

Severity Level

Warning Number

Target Sector

20 February, 2020

● Critical

2020-937

All

Description:

Wordfence has released an alert to address a vulnerability in the following plugin:

  • ThemeREX Addons Plugin
    • Versions greater than 1.6.50

Threats:

Remote attacker could exploit this vulnerability by executing arbitrary code.

Best practice and Recommendations:

The CERT team encourages users to remove ThemeREX Addons pluging by:

  1. Remove file wp-content/plugins/includes/plugin.rest-api.php If the file is not in your plugin, then there is no problem at all.
  2. Remove the following line of code in wp-content/themes/theme_name/plugins/trx_addons/ trx_addions.php:

require_once TRX_ADDONS_PLUGIN_DIR_INCLUDES . 'plugin.rest-api.php';

For more details:

Last updated at 20 February, 2020

Rate the content

rate-icon
up icon