CVE-2020-10257
Description
The ThemeREX Addons plugin for WordPress, in versions before 2020-03-09, lacks access control on the /trx_addons/v2/get/sc_layout REST API endpoint, allowing PHP functions to be executed by any user, because includes/plugin.rest-api.php calls trx_addons_rest_get_sc_layout with an unsafe sc parameter.
General Information
Products
- addons 1.0.49.10,
- addons 1.6.49.5,
- addons 1.6.49.6,
- addons 1.6.49.6.2,
- addons 1.6.49.8,
- addons 1.6.50,
- addons 1.6.50.1,
- addons 1.6.51.1,
- addons 1.6.51.3,
- addons 1.6.52.1,
- addons 1.6.52.2,
- addons 1.6.53,
- addons 1.6.53.1,
- addons 1.6.53.2,
- addons 1.6.53.3,
- addons 1.6.54,
- addons 1.6.55.1,
- addons 1.6.55.3,
- addons 1.6.55.4,
- addons 1.6.55.7,
- addons 1.6.56,
- addons 1.6.57,
- addons 1.6.57.2,
- addons 1.6.57.3,
- addons 1.6.57.4,
- addons 1.6.58.2,
- addons 1.6.59,
- addons 1.6.59.1.1,
- addons 1.6.59.2,
- addons 1.6.59.3,
- addons 1.6.60,
- addons 1.6.61,
- addons 1.6.61.1,
- addons 1.6.61.2,
- addons 1.6.61.3,
- addons 1.6.62.1,
- addons 1.6.62.3,
- addons 1.6.65,
- addons 1.6.66,
- addons 1.6.67,
- addons 1.70.3,
- aldo-gutenberg wordpress blog theme,
- amuli,
- blabber,
- bonkozoo zoo,
- briny-diving wordpress theme,
- bugster-pests control,
- buzz stone-magazine & blog,
- chainpress,
- chit club-board games,
- coinpress-cryptocurrency magazine & blog wordpress theme,
- corredo sport event,
- dronex-aerial photography services,
- especio-food gutenberg theme,
- fc united-football,
- gloss blog,
- gridiron,
- hallelujah-church,
- heaven 11-multiskin property theme,
- helion-agency &portfolio,
- hobo digital nomad blog,
- impacto patronus multi-landing,
- justitia-multiskin lawyer theme,
- kargo-freight transport,
- katelyn-gutenberg wordpress blog theme,
- kids care,
- kratz-digital agency,
- lingvico-language learning school,
- maxify-startup blog,
- meals and wheels-food truck,
- modern housewife-housewife and family blog,
- mystik-esoterics,
- nazareth-church,
- nelson-barbershop + tattoo salon,
- netmix-broadband & telecom,
- ozeum-museum,
- partiso electioncampaign,
- piqes-creative startup & agency wordpress theme,
- pixefy,
- plumbing-repair, building & construction wordpress theme,
- prider-pride fest,
- rare radio,
- renewal-plastic surgeon clinic,
- rhodos-creative corporate wordpress theme,
- right way,
- rosalinda-vegetarian & health coach,
- rumble-single fighter boxer, news, gym, store,
- samadhi-buddhist,
- savejulia personal fundraising campaign,
- scientia-public library,
- skydiving and flying company,
- tacticool-shooting range wordpress theme,
- tantum-rent a car, rent a bike, rent a scooter multiskin theme,
- tediss-soft play area, cafe & child care center,
- topper theme and skins -,
- tornados,
- vapester,
- vihara-ashram, buddhist,
- vixus-startup / mobile application,
- wellspring water filter systems,
- yolox-startup magazine & blog wordpress theme,
- yottis-simple portfolio,
- yungen-digital/marketing agency