CVE-2026-1969

MEDIUM 5.3

ThemeREX Addons < 2.38.5 - Unauthenticated Arbitrary File Upload

CVSS Score

5.3

EPSS Score

0.0%

EPSS Percentile

0th

The trx_addons WordPress plugin before 2.38.5 does not correctly validate file types in one of its AJAX action, allowing unauthenticated users to upload arbitrary file. This is due to an incorrect fix of CVE-2024-13448

Vendor	unknown
Product	trx_addons
Published	Mar 23, 2026
Last Updated	Mar 23, 2026

Stay Ahead of the Next One

Get instant alerts for unknown trx_addons

Be the first to know when new medium vulnerabilities affecting unknown trx_addons are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Unknown / trx_addons

0 < 2.38.5

References

NVD ↗ CVE.org ↗ EPSS Data ↗

wpscan.com: https://wpscan.com/vulnerability/762530ae-80a5-4ff8-9725-6adab9498c33/

Credits

Erwan LR (WPScan) WPScan