Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / Vendors / ThemeREX

ThemeREX

185 tracked vulnerabilities.

CVE-2025-49890 CRITICAL

AWStats Script <0.4 - XSS

CVE-2025-6997 MEDIUM

ThemeREX Addons <= 2.35.1.1 - Authenticated Stored Cross-Site Scripting via SVG File Upload

CVE-2025-0837 MEDIUM

Puzzles < 4.2.6 - Authenticated Stored Cross-Site Scripting via Shortcode Attributes

CVE-2025-0682 HIGH

ThemeREX Addons <2.33.0 - Code Injection

CVE-2024-13786 CRITICAL

Education Center WordPress Theme <= 3.6.10 - Unauthenticated PHP Object Injection

CVE-2024-13770 HIGH

Puzzles < 4.2.4 - Unauthenticated PHP Object Injection via 'view_more_posts' AJAX Action

CVE-2024-13769 MEDIUM

Puzzles < 4.2.5 - Authenticated Stored Cross-Site Scripting via theme_options_ajax_post_action

CVE-2024-13448 CRITICAL

ThemeREX Addons <2.32.3 - File Upload

CVE-2024-6297 CRITICAL

Compromised WordPress.org Plugins - Malicious Admin Creation

CVE-2020-10257 CRITICAL NUCLEI

ThemeREX Addons < 2020-03-09 - Unauthenticated Remote Code Execution via REST API Endpoint

Previous Page 8 of 8

Products

ThemeREX Addons 4 addons 4 Puzzles | WP Magazine / Review with Store WordPress Theme + RTL 3 puzzles 3 Abelle 1 AirSupply 1 Aldo 1 Alliance 1 Aqualots 1 Artrium 1 Asia Garden 1 AutoParts 1 Avventure 1 Bassein 1 Bazinga 1 Beacon 1 Berger 1 Bonbon 1 Buisson 1 Choreo 1 Chroma 1 Classter 1 Cobble 1 Coinpress 1 Coleo 1 ConFix 1 Contact Form 7 Multi-Step Addon 1 CopyPress 1 Corbesier 1 Craftis 1

Quick Filters

Critical CVEs With Exploits In CISA KEV

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy