djbaxter
Administrator
- Joined
- Jun 28, 2012
- Messages
- 3,778
- Solutions
- 2
- Reaction score
- 1,877
Zero-Day Vulnerability in ThemeREX Addons Plugin Exploited in the Wild
by Chloe Chamberland, Wordfence
Feb 18, 2019
Affected Plugin: ThemeREX Addons
Affected Versions: Versions greater than 1.6.50
CVSS Score: 9.8 (Critical)
Patched Version: Currently No Patch.
Today, February 18th, our Threat Intelligence team was notified of a vulnerability present in ThemeREX Addons, a WordPress plugin installed on an estimated 44,000 sites. This flaw allows attackers to remotely execute code on a site with the plugin installed, including the ability to execute code that can inject administrative user accounts.
At the time of writing, this vulnerability is being actively exploited, therefore we urge users to temporarily remove the ThemeREX Addons plugin if you are running a version greater than 1.6.50 until a patch has been released.
Read more...
by Chloe Chamberland, Wordfence
Feb 18, 2019
Affected Plugin: ThemeREX Addons
Affected Versions: Versions greater than 1.6.50
CVSS Score: 9.8 (Critical)
Patched Version: Currently No Patch.
Today, February 18th, our Threat Intelligence team was notified of a vulnerability present in ThemeREX Addons, a WordPress plugin installed on an estimated 44,000 sites. This flaw allows attackers to remotely execute code on a site with the plugin installed, including the ability to execute code that can inject administrative user accounts.
At the time of writing, this vulnerability is being actively exploited, therefore we urge users to temporarily remove the ThemeREX Addons plugin if you are running a version greater than 1.6.50 until a patch has been released.
Read more...
