WordPress.Plugin.ThemeREX.sc_layout.Remote.Code.Execution

Description

This indicates an attack attempt against a Command Injection vulnerability in WordPress TimThumb.
The vulnerability is due to insufficient sanitization of user-supplied input in the application. A remote attacker may be able to exploit this to execute arbitrary code within the context of the application.

Affected Products

Ozeum - Museum (ThemeREX Addons version before 1.70.3.1)
Chit Club - Board Games (ThemeREX Addons version before 1.70.3.1)
Yottis - Simple Portfolio (ThemeREX Addons version before 1.6.67.1)
Helion - Agency & Portfolio Theme (ThemeREX Addons version before 1.6.66.1)
Amuli (ThemeREX Addons version before 1.6.66.1)
Nelson - Barbershop + Tattoo Salon (ThemeREX Addons version before 1.6.65.1)
Hallelujah - Church (ThemeREX Addons version before 1.6.65.1)
Right Way (ThemeREX Addons version before 1.6.65.1)
Prider - Pride Fest (ThemeREX Addons version before 1.6.65.1)
Mystik - Esoterics (ThemeREX Addons version before 1.6.62.3.1)
Skydiving and Flying Company (ThemeREX Addons version before 1.6.62.4)
DroneX - Aerial Photography Services (ThemeREX Addons version before 1.6.62.1.1)
Samadhi - Buddhist (ThemeREX Addons version before 1.6.61.2.1)
TanTum - Rent a car, Rent a bike, Rent a scooter Multiskin theme (ThemeREX Addons version before 1.6.61.3.1)
Scientia - Public Library (ThemeREX Addons version before 1.6.61.2.1)
Blabber (ThemeREX Addons version before 1.6.61.2.1)
Impacto Patronus Multi-landing (ThemeREX Addons version before 1.6.61.1.1)
Rare Radio (ThemeREX Addons version before 1.6.61.1)
Piqes - Creative Startup & Agency WordPress Theme (ThemeREX Addons version before 1.6.60.1)
Kratz - Digital Agency (ThemeREX Addons version before 1.6.59.4)
Pixefy (ThemeREX Addons version before 1.6.59.3)
Netmix - Broadband & Telecom (ThemeREX Addons version before 1.6.59.1.2)
Kids Care (ThemeREX Addons version before 1.6.59.1)
Briny - Diving WordPress Theme (ThemeREX Addons version before 1.6.58.3)
Tornados (ThemeREX Addons version before 1.6.57.4)
Gridiron (ThemeREX Addons version before 1.6.57.5)
Yungen - Digital/Marketing Agency (ThemeREX Addons version before 1.6.57.2.1)
FC United - Football (ThemeREX Addons version before 1.6.57.3.1)
Bugster - Pests Control (ThemeREX Addons version before 1.6.57.3)
Rumble - Single Fighter Boxer, News, Gym, Store. (ThemeREX Addons version before 1.6.57.1)
Tacticool - Shooting Range WordPress Theme (ThemeREX Addons version before 1.6.56.1)
Coinpress - Cryptocurrency Magazine & Blog WordPress Theme (ThemeREX Addons version before 1.6.55.5)
Vihara - Ashram, Buddhist (ThemeREX Addons version before 1.6.55.8)
Katelyn - Gutenberg WordPress Blog Theme (ThemeREX Addons version before 1.6.55.5)
Heaven 11 - Multiskin Property Theme (ThemeREX Addons version before 1.6.55.2)
Especio - Food Gutenberg Theme (ThemeREX Addons version before 1.6.54.1)
Partiso_ElectionCampaign (ThemeREX Addons version before 1.6.53.2)
Kargo - Freight Transport (ThemeREX Addons version before 1.6.53.4)
Maxify - Startup Blog (ThemeREX Addons version before 1.6.53.3)
Lingvico - Language Learning School (ThemeREX Addons version before 1.6.53.3)
Aldo - Gutenberg WordPress Blog Theme (ThemeREX Addons version before 1.6.53.3)
Vixus - Startup / Mobile Application (ThemeREX Addons version before 1.6.52.3)
WellSpring _ Water Filter Systems (ThemeREX Addons version before 1.6.52.3)
Nazareth - Church (ThemeREX Addons version before 1.6.52.2)
Tediss - Soft Play Area, Cafe & Child Care Center (ThemeREX Addons version before 1.6.53.1)
Yolox - Startup Magazine & Blog WordPress Theme (ThemeREX Addons version before 1.6.51.4)
Meals and Wheels - Food Truck (ThemeREX Addons version before 1.6.51.4)
Rosalinda - Vegetarian & Health Coach (ThemeREX Addons version before 1.6.51.2)
Vapester (ThemeREX Addons version before 1.6.50.1)
Modern Housewife - Housewife and Family Blog (ThemeREX Addons version before 1.6.50.1)
ChainPress (ThemeREX Addons version before 1.6.50.2)
Justitia - Multiskin Lawyer Theme (ThemeREX Addons version before 1.6.51.2)
Hobo_Digital Nomad Blog (ThemeREX Addons version before 1.6.50.1)
Rhodos - Creative Corporate WordPress Theme (ThemeREX Addons version before 1.6.50.2)
Buzz Stone - Magazine & Blog (ThemeREX Addons version before 1.6.50.1)
Corredo_Sport Event (ThemeREX Addons version before 1.6.49.10)
SaveJulia Personal Fundraising Campaign (ThemeREX Addons version before 1.6.49.9)
BonkoZoo_Zoo (ThemeREX Addons version before 1.6.49.7)
Renewal - Plastic Surgeon Clinic (ThemeREX Addons version before 1.6.49.6.3)
Gloss_blog (ThemeREX Addons version before 1.6.49.6)
Plumbing - Repair, Building & Construction WordPress Theme (ThemeREX Addons version before 1.6.58.2.1)
Topper Theme and Skins (ThemeREX Addons version before 1.6.61.3)

Impact

System Compromise: Remote attacker can gain control of vulnerable systems.

Recommended Actions

Apply the most recent upgrade or patch from the vendor.
https://themerex.net/wp/download_plugins/themerex-addons/
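The "Affected Products" list above gives a different first-fixed ThemeREX Addons version per theme, and those versions have up to five dotted components, so a plain string comparison gets the answer wrong (e.g. "1.6.59.10" sorts before "1.6.59.4" as text). The following Python script is an added example, not code from this page or from ThemeREX: it parses lines in the advisory's own "Theme (ThemeREX Addons version before X)" format and reports whether an installed plugin version is still below the fix. The embedded list is a subset copied from the page (extend it with the remaining entries); the theme and version you pass in are assumed to come from your own site inventory.

```python
import re
from typing import Dict, Tuple

# Subset of the advisory's "Affected Products" list, in the page's own line format.
# Add the remaining entries from the page as needed.
AFFECTED_PRODUCTS_TEXT = """\
Ozeum - Museum (ThemeREX Addons version before 1.70.3.1)
Mystik - Esoterics (ThemeREX Addons version before 1.6.62.3.1)
Skydiving and Flying Company (ThemeREX Addons version before 1.6.62.4)
Kratz - Digital Agency (ThemeREX Addons version before 1.6.59.4)
Topper Theme and Skins (ThemeREX Addons version before 1.6.61.3)
"""

# "Theme name (ThemeREX Addons version before 1.2.3.4)"
_LINE_RE = re.compile(
    r"^(?P<theme>.+?)\s*\(ThemeREX Addons version before (?P<fixed>[0-9.]+)\)\s*$"
)


def parse_version(v: str) -> Tuple[int, ...]:
    """Turn '1.6.62.3.1' into (1, 6, 62, 3, 1) so each component compares numerically."""
    return tuple(int(p) for p in v.strip().split("."))


def version_lt(a: str, b: str) -> bool:
    """True if a < b, comparing component-wise; shorter versions are zero-padded
    so that '1.6.61' equals '1.6.61.0'."""
    ta, tb = parse_version(a), parse_version(b)
    n = max(len(ta), len(tb))
    ta += (0,) * (n - len(ta))
    tb += (0,) * (n - len(tb))
    return ta < tb


def parse_affected(text: str) -> Dict[str, str]:
    """Map theme name -> first fixed ThemeREX Addons version, from advisory-style lines.
    Lines that do not match the expected format are skipped."""
    table: Dict[str, str] = {}
    for line in text.splitlines():
        m = _LINE_RE.match(line.strip())
        if m:
            table[m.group("theme").strip()] = m.group("fixed")
    return table


def is_affected(theme: str, installed: str, table: Dict[str, str]) -> bool:
    """True if the installed ThemeREX Addons version is below the fix listed for this theme.
    Raises KeyError for a theme the advisory does not list, rather than silently
    reporting 'not affected'."""
    fixed = table.get(theme)
    if fixed is None:
        raise KeyError(f"theme not in advisory list: {theme!r}")
    return version_lt(installed, fixed)


if __name__ == "__main__":
    # Constructed inventory entries (theme, installed plugin version) for demonstration.
    inventory = [
        ("Mystik - Esoterics", "1.6.62.3"),
        ("Mystik - Esoterics", "1.6.62.3.1"),
        ("Kratz - Digital Agency", "1.6.59.10"),
    ]
    table = parse_affected(AFFECTED_PRODUCTS_TEXT)
    for theme, installed in inventory:
        status = "UPGRADE NEEDED" if is_affected(theme, installed, table) else "ok"
        print(f"{theme}: ThemeREX Addons {installed} -> {status} (fixed in {table[theme]})")
```

The zero-padding in `version_lt` matters for the page's mixed-length versions: without it, "1.6.61" would compare as strictly less than "1.6.61.0", and a site on the boundary version could be misreported. A theme missing from the table raises rather than returning `False`, so an unknown theme is never mistaken for a patched one.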

Telemetry

Coverage

IPS (Regular DB)
IPS (Extended DB)

Version Updates

Date Version Detail
2020-05-06 15.838 Default_action:pass:drop
2020-05-06 15.837 Default_action:drop:pass
2020-05-06 15.836 Default_action:pass:drop
2020-04-28 15.829 Sig Added
2020-04-13 15.815 Sig Added
2020-03-23 15.801