CVE-2026-1969
Arbitrary File Upload in trx_addons Plugin via AJAX Flaw
Publication date: 2026-03-23
Last updated on: 2026-03-23
Assigner: WPScan
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| trx_addons | trx_addons | up to 2.38.5 (exclusive) |
| themerex | addons | up to 2.38.5 (exclusive) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-434 | The product allows the upload or transfer of dangerous file types that are automatically processed within its environment. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-1969 is a vulnerability in the WordPress plugin ThemeREX Addons (trx_addons) versions before 2.38.5. The issue occurs because the plugin does not properly validate file types in one of its AJAX actions. This flaw allows unauthenticated users to upload arbitrary files to the server. The vulnerability exists due to an incorrect fix of a previous vulnerability identified as CVE-2024-13448.
How can this vulnerability impact me?
This vulnerability can allow attackers who are not logged in to upload arbitrary files to your server through the vulnerable WordPress plugin. Such unauthorized file uploads can lead to various security risks including remote code execution, website defacement, data theft, or the installation of malware, depending on the nature of the uploaded files and the server configuration.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability affects the trx_addons WordPress plugin versions prior to 2.38.5, specifically due to improper validation of file types in one of its AJAX actions.
To detect if your system is vulnerable, you should first verify the version of the trx_addons plugin installed on your WordPress site.
- Check the plugin version via the WordPress admin dashboard under Plugins.
- Alternatively, use WP-CLI to check the plugin version: `wp plugin list --status=active`
- Look for suspicious AJAX requests that attempt to upload files without authentication, which may indicate exploitation attempts.
- Monitor web server logs for POST requests to AJAX endpoints related to trx_addons that include file uploads.
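As an added detection example (not part of this advisory or of the plugin's own code): a Python script that flags a trx_addons version as affected when it predates 2.38.5 and scans access-log lines for unauthenticated multipart POSTs to admin-ajax.php, the shape of request this CVE requires. It assumes a combined log format extended with the request Content-Type and Cookie headers; the sample log lines are constructed, and `UNKNOWN_TRX_ACTION` is a placeholder because the advisory does not name the vulnerable AJAX action.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Fixed version from the advisory: releases before 2.38.5 are affected.
FIXED_VERSION = "2.38.5"

def parse_version(v: str) -> tuple:
    return tuple(int(p) for p in v.strip().split("."))

def is_affected(installed: str) -> bool:
    """True when the installed trx_addons version predates the fix."""
    return parse_version(installed) < parse_version(FIXED_VERSION)

# Assumed log layout: combined format plus the request Content-Type and
# Cookie headers as two extra quoted fields (configure the server to log them).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<ctype>[^"]*)" "(?P<cookie>[^"]*)"$'
)

def classify(line: str):
    """Describe a multipart POST to admin-ajax.php; None for anything else."""
    m = LOG_RE.match(line)
    if m is None or m["method"] != "POST":
        return None
    url = urlsplit(m["target"])
    if not url.path.endswith("/wp-admin/admin-ajax.php"):
        return None
    if not m["ctype"].lower().startswith("multipart/form-data"):
        return None  # no file upload in this request
    # WordPress sets a wordpress_logged_in_<hash> cookie on authenticated sessions.
    authenticated = "wordpress_logged_in_" in m["cookie"]
    action = parse_qs(url.query).get("action", ["<in POST body>"])[0]
    return {"ip": m["ip"], "time": m["ts"], "action": action,
            "status": int(m["status"]), "authenticated": authenticated}

def unauthenticated_uploads(lines):
    """Upload attempts with no logged-in cookie: the precondition this CVE needs."""
    return [f for f in map(classify, lines) if f and not f["authenticated"]]

# Constructed sample lines; UNKNOWN_TRX_ACTION stands in for the real action name.
SAMPLE_LOG = [
    '203.0.113.7 - - [23/Mar/2026:10:01:02 +0000] "POST /wp-admin/admin-ajax.php?action=UNKNOWN_TRX_ACTION HTTP/1.1" 200 512 "multipart/form-data; boundary=----x" "-"',
    '198.51.100.4 - - [23/Mar/2026:10:02:10 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 87 "application/x-www-form-urlencoded" "-"',
    '192.0.2.9 - - [23/Mar/2026:10:03:33 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 64 "multipart/form-data; boundary=----y" "wordpress_logged_in_abc=admin%7C123"',
    '203.0.113.7 - - [23/Mar/2026:10:04:00 +0000] "GET /wp-content/plugins/trx_addons/readme.txt HTTP/1.1" 200 9000 "-" "-"',
]

if __name__ == "__main__":
    print("2.38.4 affected:", is_affected("2.38.4"))
    for finding in unauthenticated_uploads(SAMPLE_LOG):
        print("review:", finding)
```

Authenticated multipart POSTs are reported by `classify` but filtered out of `unauthenticated_uploads`, since the advisory's precondition is an unauthenticated caller; review them separately if the site allows low-privilege registrations.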
What immediate steps should I take to mitigate this vulnerability?
The primary mitigation step is to update the trx_addons WordPress plugin to version 2.38.5 or later, where the vulnerability has been fixed.
Until the update can be applied, consider restricting access to the vulnerable AJAX endpoints by implementing authentication or firewall rules to block unauthenticated file upload attempts.
Monitor your site for any suspicious activity related to file uploads and review logs regularly.