ThemeREX Addons Plugin (WordPress) Alert498
20 February, 2020
Wordfence has released an alert to address a vulnerability in the following plugin:
- ThemeREX Addons Plugin
- Versions greater than 1.6.50
Remote attacker could exploit this vulnerability by executing arbitrary code.
Best practice and Recommendations:
The CERT team encourages users to remove ThemeREX Addons pluging by:
- Remove file wp-content/plugins/includes/plugin.rest-api.php If the file is not in your plugin, then there is no problem at all.
- Remove the following line of code in wp-content/themes/theme_name/plugins/trx_addons/ trx_addions.php:
require_once TRX_ADDONS_PLUGIN_DIR_INCLUDES . 'plugin.rest-api.php';
For more details: