CVEs-PoC/2020/CVE-2020-10257.md at b0e96c877abb080d7cf221c036336480ff266ccf

CalvinBackup/CVEs-PoC

Fork 0

mirror of https://github.com/0xMarcio/cve.git synced 2026-05-09 15:15:46 +02:00

Files

T

0xMarcio 48a00929ac Removed duplicates

2024-06-18 02:51:15 +02:00

Description

The ThemeREX Addons plugin before 2020-03-09 for WordPress lacks access control on the /trx_addons/v2/get/sc_layout REST API endpoint, allowing for PHP functions to be executed by any users, because includes/plugin.rest-api.php calls trx_addons_rest_get_sc_layout with an unsafe sc parameter.

POC

Reference

https://www.wordfence.com/blog/2020/03/zero-day-vulnerability-in-themerex-addons-now-patched/

Github

https://github.com/abhav/nvd_scrapper

813 B Raw Blame History

CVE-2020-10257

Description

POC

Reference

Github

813 B

Raw Blame History