All 3 CVE vulnerabilities found in ThemeREX Addons, with AI-generated Chinese analysis, references, and POCs.
Vendor: ThemeREX
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-6997 | ThemeREX Addons <= 2.35.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via trx_addons_get_svg_from_file Function CWE-79 | 6.4 | Medium | 2025-07-19 |
| CVE-2024-13448 | ThemeREX Addons <= 2.32.3 - Unauthenticated Arbitrary File Upload in trx_addons_uploads_save_data CWE-434 | 9.8 | Critical | 2025-01-28 |
| CVE-2025-0682 | ThemeREX Addons <= 2.33.0 - Authenticated (Contributor+) Local File Inclusion via Shortcode CWE-98 | 8.8 | High | 2025-01-25 |
All 3 known CVE vulnerabilities affecting ThemeREX Addons with full Chinese analysis, references, and POCs where available.