More threads by djbaxter


Jun 28, 2012
Reaction score
Zero-Day Vulnerability in ThemeREX Addons Plugin Exploited in the Wild
by Chloe Chamberland, Wordfence
Feb 18, 2019

Affected Plugin: ThemeREX Addons
Affected Versions: Versions greater than 1.6.50
CVSS Score: 9.8 (Critical)
Patched Version: Currently No Patch.

Today, February 18th, our Threat Intelligence team was notified of a vulnerability present in ThemeREX Addons, a WordPress plugin installed on an estimated 44,000 sites. This flaw allows attackers to remotely execute code on a site with the plugin installed, including the ability to execute code that can inject administrative user accounts.

At the time of writing, this vulnerability is being actively exploited, therefore we urge users to temporarily remove the ThemeREX Addons plugin if you are running a version greater than 1.6.50 until a patch has been released.


Login / Register

Already a member?   LOG IN
Not a member yet?   REGISTER

LocalU Event

Live Webinar - Local SEO Audits

  Promoted Posts

New advertising option: A review of your product or service posted by a Sterling Sky employee. This will also be shared on the Sterling Sky & LSF Twitter accounts, our Facebook group, LinkedIn, and both newsletters. More...
Top Bottom