CVE-2025-6997

MEDIUM

ThemeREX Addons <= 2.35.1.1 - Authenticated Stored Cross-Site Scripting via SVG File Upload

Title source: llm

Description

The ThemeREX Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.35.1.1 due to insufficient input sanitization and output escaping. The plugin’s SVG rendering routine calls the trx_addons_get_svg_from_file() function on an unvalidated 'svg' parameter supplied via the shortcode or Elementor widget settings, then outputs it via the trx_addons_show_layout() function. Because there is no check on the URL’s origin, scheme, or the SVG content itself, authenticated attackers, with Contributor-level access and above, can supply a remote SVG and inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.

References (2)

Core 2

Core References

Product

https://themerex.net/wp/download_plugins/themerex-addons/

Third Party Advisory

https://www.wordfence.com/threat-intel/vulnerabilities/id/e1b19017-b2f0-4c3b-b263-1fbec6f1dce4?source=cve

Scores

CVSS v3 6.4

EPSS 0.0021

EPSS Percentile 10.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-79

Status published

Products (2)

themerex/addons < 2.35.2.2

ThemeREX/ThemeREX Addons < 2.35.1.1

Published Jul 19, 2025

Tracked Since Feb 18, 2026