S4E

CVE-2020-10257 Scanner

CVE-2020-10257 Scanner - Remote Code Execution vulnerability in ThemeREX Addons

Short Info

Level: Critical
Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 8 days 15 hours
Scan only one: Domain, Subdomain, IPv4


ThemeREX Addons is a plugin created for WordPress to enhance and customize themes. It is widely used by web developers and designers to add extra functionality and layout customizations to their WordPress sites. The plugin provides various features such as shortcodes, widgets, and custom post types that help users enhance their website. ThemeREX Addons is often employed in conjunction with premium WordPress themes offered by ThemeREX, a developer known for its attractive and versatile WordPress themes. Due to its popularity, this plugin is crucial for WordPress sites looking to improve their design and user experience.

The Remote Code Execution (RCE) vulnerability in ThemeREX Addons allows an attacker to execute arbitrary code on a target system. The flaw lies in the plugin's /trx_addons/v2/get/sc_layout REST API endpoint. Unauthenticated attackers can exploit this endpoint to run PHP functions by sending crafted requests with parameters that execute unintended commands. RCE is among the most critical classes of security issue because it can give attackers control of the entire web server. Addressing this vulnerability is essential to maintaining the security and integrity of websites using ThemeREX Addons.

The technical details of the vulnerability involve the sc parameter of the REST API endpoint /trx_addons/v2/get/sc_layout, which is not properly validated. This parameter allows attackers to call PHP functions, potentially leading to arbitrary code execution. The endpoint requires no authentication, which makes the vulnerability particularly severe: any user can exploit it without specific privileges. The plugin code that handles this parameter is located in includes/plugin.rest-api.php, so that is where the parameter must be sanitized and access must be authenticated. Developers need to address this by validating input data and restricting unauthorized access to sensitive functions.
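
For asset owners reviewing their own logs, the following added example (not part of the original page or of the plugin) finds requests that reach the sc_layout route in a web server access log, covering both the /wp-json/ form and the ?rest_route= form of a WordPress REST URL. The EXPECTED_SC allowlist and the sample log lines are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

ENDPOINT = "/trx_addons/v2/get/sc_layout"  # REST route named on this page
# Assumption: shortcode names this site legitimately requests (hypothetical values).
EXPECTED_SC = {"trx_sc_button", "trx_sc_title"}
# Common/combined log format: ip - - [time] "METHOD target PROTO" status ...
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3})')

def route_of(target):
    """Return (route, query) for both /wp-json/<route> and ?rest_route=<route>."""
    parts = urlsplit(target)
    query = parse_qs(parts.query, keep_blank_values=True)  # percent-decodes values
    path = unquote(parts.path)
    if "/wp-json/" in path:
        route = "/" + path.split("/wp-json/", 1)[1]
    else:
        route = query.get("rest_route", [""])[0]
    return route.rstrip("/").lower(), query

def scan(lines):
    """Return one finding per logged request that reaches the sc_layout route."""
    findings = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        ip, method, target, status = m.groups()
        route, query = route_of(target)
        if route != ENDPOINT:
            continue
        sc = query.get("sc", [None])[0]
        if sc is None:
            verdict = "sc-not-logged"  # e.g. sent in a POST body, invisible here
        else:
            verdict = "expected-sc" if sc in EXPECTED_SC else "unexpected-sc"
        findings.append({"ip": ip, "method": method, "status": int(status),
                         "sc": sc, "verdict": verdict})
    return findings

# Constructed sample log lines (documentation IP ranges, placeholder sc values).
SAMPLE = [
    '203.0.113.5 - - [01/Mar/2020:10:00:00 +0000] "GET /wp-json/wp/v2/posts HTTP/1.1" 200 512',
    '203.0.113.5 - - [01/Mar/2020:10:00:01 +0000] "GET /wp-json/trx_addons/v2/get/sc_layout?sc=trx_sc_button HTTP/1.1" 200 90',
    '198.51.100.7 - - [01/Mar/2020:10:00:02 +0000] "GET /?rest_route=%2Ftrx_addons%2Fv2%2Fget%2Fsc_layout&sc=placeholder_function HTTP/1.1" 200 40',
    '198.51.100.7 - - [01/Mar/2020:10:00:03 +0000] "POST /wp-json/trx_addons/v2/get/sc_layout HTTP/1.1" 200 40',
]

if __name__ == "__main__": print(*scan(SAMPLE), sep="\n")
```

Because the endpoint needs no authentication, every finding deserves a look; the "sc-not-logged" verdict marks requests whose parameters the access log cannot show.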

If successfully exploited, this vulnerability could allow attackers to take full control of the affected WordPress site. This might lead to data theft, defacement, inclusion of malicious code, and possibly distribution of malware to site visitors. Furthermore, exploiting the RCE vulnerability can completely compromise the server hosting the WordPress site, resulting in severe damage to the site's reputation and confidential data. Therefore, mitigating this issue is paramount to protect users and the integrity of the WordPress ecosystem.
