Wordfence announced that they found a critical zero-day vulnerability in a popular WordPress plugin, ThemeREX Addons. Wordfence also announced that they released a firewall rule to block exploitation of the vulnerability. The vulnerability was discovered on February 18th. ThemeREX has released updates for all of its themes that included the vulnerable ThemeREX Addons plugin.
Actively under attack
The ThemeREX Addons plugin was designed as a companion plugin that provides several themes with enhancement features and widgets to extend their functionality. The vulnerable code was present within the ~/includes/plugin.rest-api.php file, where there were a few issues. The flaw allowed WordPress functions to be executed, giving attackers the ability to inject administrative user accounts and take over sites. ThemeREX completely removed the affected plugin.rest-api.php file from the plugin to resolve the security flaw.
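Two checks a site owner would want after reading this, written here as an added example (not code from the article, Wordfence or ThemeREX): confirm that the removed plugin.rest-api.php file is really gone from the installed plugin, and list administrator accounts registered on or after a given date, since injected admin accounts are the stated outcome. The plugin directory path, the cut-off date and the CSV contents are assumptions; the CSV is in the shape that `wp user list --role=administrator --fields=ID,user_login,user_registered --format=csv` prints.

```shell
#!/bin/sh
# Added example; not the plugin's or the vendor's code.

# Returns 0 (true) when the file ThemeREX deleted in the fix is still present
# under the plugin directory given as $1, i.e. the plugin was not updated.
vulnerable_file_present() {
    [ -f "$1/includes/plugin.rest-api.php" ]
}

# Prints the user_login of every row in the CSV ($2) whose user_registered
# date is on or after $1 (YYYY-MM-DD). ISO dates compare correctly as strings.
admins_registered_since() {
    since="$1"
    csv="$2"
    awk -F, -v since="$since" 'NR > 1 && substr($3, 1, 10) >= since { print $2 }' "$csv"
}

# Demo on constructed data (assumed paths and dates, not taken from the article).
demo_dir=$(mktemp -d)
mkdir -p "$demo_dir/plugin/includes"
touch "$demo_dir/plugin/includes/plugin.rest-api.php"
if vulnerable_file_present "$demo_dir/plugin"; then
    echo "plugin.rest-api.php still present: update the plugin"
fi

printf 'ID,user_login,user_registered\n' > "$demo_dir/admins.csv"
printf '1,owner,2019-05-03 10:00:00\n' >> "$demo_dir/admins.csv"
printf '7,wp_backup,2020-02-20 03:14:07\n' >> "$demo_dir/admins.csv"
echo "administrators registered since the assumed cut-off date:"
admins_registered_since 2020-02-18 "$demo_dir/admins.csv"
rm -rf "$demo_dir"
```

On a real site, point `vulnerable_file_present` at the installed ThemeREX Addons directory and feed `admins_registered_since` the WP-CLI CSV; any login it prints that you did not create yourself deserves a closer look.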