CVE-2025-0682 | ThemeREX Addons Plugin up to 2.33.0 on WordPress Shortcode trx_sc_reviews type filename control

Posted by Angelo Barbosa | Jan 25, 2025 | CVE

A vulnerability classified as critical was found in ThemeREX Addons Plugin up to 2.33.0 on WordPress. Affected by this vulnerability is the function trx_sc_reviews of the component Shortcode Handler. The manipulation of the argument type leads to improper control of filename for include/require statement in php program (‘php remote file inclusion’).

This vulnerability is known as CVE-2025-0682. The attack can be launched remotely. There is no exploit available.

CVE-2025-0682 | ThemeREX Addons Plugin up to 2.33.0 on WordPress Shortcode trx_sc_reviews type filename control

Related Posts

CVE-2024-2762 | FooGallery Plugin/FooGallery Premium Plugin up to 2.4.14 on WordPress Gallery Setting cross site scripting

CVE-2024-1537 | wpdevteam Essential Addons for Elementor Plugin up to 5.9.9 on WordPress Data Table Widget cross site scripting

CVE-2024-12130 | Rockwell Automation Arena up to 16.20.03 DOE File out-of-bounds

CVE-2024-4795 | Campcodes Online Laundry Management System 1.0 /manage_user.php id sql injection