Zero-Day Vulnerability in ThemeREX Addons Plugin

djbaxter

Administrator
Administrator
Joined
Jun 28, 2012
Messages
3,228
Zero-Day Vulnerability in ThemeREX Addons Plugin Exploited in the Wild
by Chloe Chamberland, Wordfence
Feb 18, 2019

Affected Plugin: ThemeREX Addons
Affected Versions: Versions greater than 1.6.50
CVSS Score: 9.8 (Critical)
Patched Version: Currently No Patch.

Today, February 18th, our Threat Intelligence team was notified of a vulnerability present in ThemeREX Addons, a WordPress plugin installed on an estimated 44,000 sites. This flaw allows attackers to remotely execute code on a site with the plugin installed, including the ability to execute code that can inject administrative user accounts.

At the time of writing, this vulnerability is being actively exploited, therefore we urge users to temporarily remove the ThemeREX Addons plugin if you are running a version greater than 1.6.50 until a patch has been released.

Read more...
 

Weekly Digest

Weekly Digest
Subscribe/Unsubscribe

Trending: Most Viewed

Newest Posts

  Promoted Posts

New advertising option: A review of your product or service posted by a Sterling Sky employee. This will also be shared on the Sterling Sky & LSF Twitter accounts, our Facebook group, LinkedIn, and both newsletters. More...

  Local University Guide

Google Product Exert


Top