CVE-2026-1969
Received Received - Intake
Arbitrary File Upload in trx_addons Plugin via AJAX Flaw

Publication date: 2026-03-23

Last updated on: 2026-03-23

Assigner: WPScan

Description
The trx_addons WordPress plugin before 2.38.5 does not correctly validate file types in one of its AJAX action, allowing unauthenticated users to upload arbitrary file. This is due to an incorrect fix of CVE-2024-13448
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-23
Last Modified
2026-03-23
Generated
2026-06-16
AI Q&A
2026-03-23
EPSS Evaluated
2026-06-15
NVD
CVE-2026-1969
EUVD
EUVD-2026-14361
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
trx_addons trx_addons to 2.38.5 (exc)
themerex addons to 2.38.5 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-434 The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-1969 is a vulnerability in the WordPress plugin ThemeREX Addons (trx_addons) versions before 2.38.5. The issue occurs because the plugin does not properly validate file types in one of its AJAX actions. This flaw allows unauthenticated users to upload arbitrary files to the server. The vulnerability exists due to an incorrect fix of a previous vulnerability identified as CVE-2024-13448.

Impact Analysis

This vulnerability can allow attackers who are not logged in to upload arbitrary files to your server through the vulnerable WordPress plugin. Such unauthorized file uploads can lead to various security risks including remote code execution, website defacement, data theft, or the installation of malware, depending on the nature of the uploaded files and the server configuration.

Compliance Impact

I don't know

Detection Guidance

This vulnerability affects the trx_addons WordPress plugin versions prior to 2.38.5, specifically due to improper validation of file types in one of its AJAX actions.

To detect if your system is vulnerable, you should first verify the version of the trx_addons plugin installed on your WordPress site.

  • Check the plugin version via the WordPress admin dashboard under Plugins.
  • Alternatively, use WP-CLI to check the plugin version: wp plugin list --status=active
  • Look for suspicious AJAX requests that attempt to upload files without authentication, which may indicate exploitation attempts.
  • Monitor web server logs for POST requests to AJAX endpoints related to trx_addons that include file uploads.
Mitigation Strategies

The primary mitigation step is to update the trx_addons WordPress plugin to version 2.38.5 or later, where the vulnerability has been fixed.

Until the update can be applied, consider restricting access to the vulnerable AJAX endpoints by implementing authentication or firewall rules to block unauthenticated file upload attempts.

Monitor your site for any suspicious activity related to file uploads and review logs regularly.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-1969. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart