Addons
This hub aggregates every CVE we track for Addons, a product in the web cms plugins space. Use it to gauge the current risk picture and drill into individual advisories.
4
CVEs tracked
2
Critical
1
High
0
In CISA KEV
Severity distribution
CRITICAL2HIGH1MEDIUM1
Monthly trend
0
0
0
0
0
0
2
0
0
0
0
0
1
0
0
0
0
0
0
0
0
0
0
0
2024-072026-06
Latest CVEs
The 4 most recently published vulnerabilities affecting Addons.
- CVE-2025-6997ThemeREX Addons <= 2.35.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via trx_addons_get_svg_from_file Function6.4
- CVE-2024-13448ThemeREX Addons <= 2.32.3 - Unauthenticated Arbitrary File Upload in trx_addons_uploads_save_data9.8
- CVE-2025-0682ThemeREX Addons <= 2.33.0 - Authenticated (Contributor+) Local File Inclusion via Shortcode8.8
- CVE-2020-10257The ThemeREX Addons plugin before 2020-03-09 for WordPress lacks access control on the /trx_addons/v2/get/sc_layout REST API endpoint, allowing for PHP functions to be executed by any users, becaus...9.8
Product normalization is registry-driven with AI assist and human review. How it works