CVE-2024-13448

9.8 CRITICAL

📋 TL;DR

The ThemeREX Addons WordPress plugin allows unauthenticated attackers to upload arbitrary files due to missing file type validation. This vulnerability affects all versions up to 2.32.3 and can lead to remote code execution on vulnerable WordPress sites.

💻 Affected Systems

Products:
  • ThemeREX Addons WordPress Plugin
Versions: All versions up to and including 2.32.3
Operating Systems: Any OS running WordPress
Default Config Vulnerable: ⚠️ Yes
Notes: Requires WordPress installation with ThemeREX Addons plugin active. The Qwery theme and other themes using this plugin are affected.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete server compromise via remote code execution, allowing attackers to install malware, steal data, or use the server for further attacks.

🟠

Likely Case

Attackers upload web shells to gain persistent access, deface websites, or install cryptocurrency miners.

🟢

If Mitigated

File uploads blocked or restricted, preventing code execution but potentially allowing denial of service through disk space consumption.

🌐 Internet-Facing: HIGH
🏢 Internal Only: LOW

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Simple HTTP POST request with malicious file upload. Public exploit code exists in security advisories.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.32.4 or later

Vendor Advisory: https://themeforest.net/item/qwery-multipurpose-business-wordpress-theme/29678687

Restart Required: No

Instructions:

1. Update the ThemeREX Addons plugin to version 2.32.4 or later via the WordPress admin panel.
2. Verify the update completed successfully.
3. Test file upload functionality.

🔧 Temporary Workarounds

Disable Plugin

all

Temporarily disable ThemeREX Addons plugin until patched

wp plugin deactivate trx_addons

Web Application Firewall Rule

all

Block requests to vulnerable endpoint

Block POST requests to /wp-admin/admin-ajax.php with action=trx_addons_uploads_save_data

🧯 If You Can't Patch

  • Implement strict file upload restrictions at web server level (e.g., .htaccess rules blocking PHP execution in uploads directory)
  • Deploy web application firewall with specific rules blocking the vulnerable endpoint

🔍 How to Verify

Check if Vulnerable:

Check the WordPress admin panel for the ThemeREX Addons plugin version. If the version is 2.32.3 or lower, the system is vulnerable.

Check Version:

wp plugin get trx_addons --field=version

Verify Fix Applied:

Confirm plugin version is 2.32.4 or higher in WordPress admin panel.

📡 Detection & Monitoring

Log Indicators:

  • Multiple POST requests to /wp-admin/admin-ajax.php with action=trx_addons_uploads_save_data
  • Unusual file uploads to wp-content/uploads/trx_addons directory
  • PHP file execution from uploads directory

Network Indicators:

  • HTTP POST requests with file uploads to vulnerable endpoint from unusual IP addresses

SIEM Query:

source="web_logs" AND uri_path="/wp-admin/admin-ajax.php" AND post_data="action=trx_addons_uploads_save_data"
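As an added illustration of the log indicators above (not part of this advisory), the script below applies them to constructed access-log records. It assumes a hypothetical JSON log format whose `post_data` field holds the request body (as a WAF or reverse-proxy audit log might); field names and the three-request threshold are assumptions. Unlike the exact-match SIEM query, it parses the body so the action is matched even when other parameters are present.

```python
import json
from collections import Counter
from typing import Dict, List, Optional
from urllib.parse import parse_qs

# Constructed sample records (hypothetical JSON access log whose "post_data"
# field holds the request body, as a WAF or reverse-proxy audit log might).
SAMPLE_LOGS = [
    '{"src":"203.0.113.5","method":"POST","uri_path":"/wp-admin/admin-ajax.php","post_data":"action=trx_addons_uploads_save_data&name=a.php"}',
    '{"src":"203.0.113.5","method":"POST","uri_path":"/wp-admin/admin-ajax.php","post_data":"action=trx_addons_uploads_save_data&name=b.php"}',
    '{"src":"203.0.113.5","method":"POST","uri_path":"/wp-admin/admin-ajax.php","post_data":"action=trx_addons_uploads_save_data&name=c.php"}',
    '{"src":"203.0.113.5","method":"GET","uri_path":"/wp-content/uploads/trx_addons/c.php","post_data":""}',
    '{"src":"198.51.100.7","method":"POST","uri_path":"/wp-admin/admin-ajax.php","post_data":"action=heartbeat"}',
    '{"src":"198.51.100.9","method":"GET","uri_path":"/wp-content/uploads/trx_addons/logo.png","post_data":""}',
]

AJAX_PATH = "/wp-admin/admin-ajax.php"
VULN_ACTION = "trx_addons_uploads_save_data"
UPLOADS_PREFIX = "/wp-content/uploads/trx_addons/"

def classify(rec: dict) -> Optional[str]:
    """Map one record to an indicator from the advisory, or None if benign."""
    if rec["method"] == "POST" and rec["uri_path"] == AJAX_PATH:
        # parse_qs tolerates extra parameters, unlike an exact post_data match
        if VULN_ACTION in parse_qs(rec.get("post_data", "")).get("action", []):
            return "vuln_endpoint_post"
    path = rec["uri_path"].lower()
    if path.startswith(UPLOADS_PREFIX) and path.endswith(".php"):
        return "php_exec_from_uploads"
    return None

def detect(lines: List[str], post_threshold: int = 3) -> Dict[str, List[str]]:
    """Return alerts keyed by source IP: repeated POSTs to the vulnerable action (once, at the threshold) and every PHP request under the plugin uploads directory."""
    posts: Counter = Counter()
    alerts: Dict[str, List[str]] = {}
    for line in lines:
        rec = json.loads(line)
        hit = classify(rec)
        if hit is None:
            continue
        src = rec["src"]
        if hit == "vuln_endpoint_post":
            posts[src] += 1
            if posts[src] == post_threshold:  # alert once when the threshold is reached
                alerts.setdefault(src, []).append(f"{post_threshold} POSTs to {AJAX_PATH} with action={VULN_ACTION}")
        else:
            alerts.setdefault(src, []).append(f"PHP request in uploads dir: {rec['uri_path']}")
    return alerts
```

Running `detect(SAMPLE_LOGS)` flags only 203.0.113.5, once for the repeated POSTs and once for the PHP request under the uploads directory.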

🔗 References
