CVE-2025-60205
Status: Deferred - Pending Action
Unauthenticated PHP Object Injection in ThemeREX Addons

Publication date: 2026-06-17

Last updated on: 2026-06-17

Assigner: Patchstack

Description
Unauthenticated PHP Object Injection in ThemeREX Addons <= 2.36.1.1 versions.
Meta Information
Generated: 2026-06-17
AI Q&A: 2026-06-17
EPSS Evaluated: N/A
Affected Vendors & Products (1 associated CPE)
Vendor: themerex; Product: addons; Version / Range: up to 2.36.2 (exclusive)
CWE
CWE-502: The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.
Executive Summary

CVE-2025-60205 is a critical PHP Object Injection vulnerability found in the WordPress ThemeREX Addons Plugin versions 2.36.1.1 and below.

This vulnerability allows unauthenticated attackers (no special privileges are needed) to inject malicious PHP objects into the application.

Exploitation can lead to severe consequences such as code injection, SQL injection, path traversal, denial of service, and other malicious activities if a suitable POP (Property Oriented Programming) chain exists.

Users are advised to update to version 2.36.2 where the vulnerability has been patched.

Impact Analysis

This vulnerability can have a critical impact on your system's security.

  • Attackers can execute arbitrary code on your server (given a suitable POP chain).
  • It can lead to SQL injection, potentially exposing or corrupting your database.
  • Path traversal attacks may allow attackers to access sensitive files.
  • Denial of service attacks could disrupt the availability of your website or service.

Since the vulnerability is unauthenticated, attackers do not need any credentials to exploit it, increasing the risk.

Mitigation Strategies

To mitigate the CVE-2025-60205 vulnerability in the WordPress ThemeREX Addons Plugin (versions 2.36.1.1 and below), users should immediately update the plugin to version 2.36.2 or later.

Until the update can be applied, it is advised to implement the mitigation rule provided by Patchstack to block attacks targeting this vulnerability.

Compliance Impact

The vulnerability allows unauthenticated attackers to perform critical actions such as code injection, SQL injection, path traversal, and denial of service. These actions could lead to unauthorized access, data breaches, or service disruptions.

Such security breaches can compromise the confidentiality, integrity, and availability of sensitive data, potentially violating compliance requirements under standards like GDPR and HIPAA that mandate protection of personal and health information.

Therefore, failure to patch this vulnerability or mitigate its exploitation could result in non-compliance with these regulations due to inadequate security controls.

Detection Guidance

The vulnerability affects WordPress installations using the ThemeREX Addons Plugin version 2.36.1.1 and below. Detection typically involves identifying whether a vulnerable plugin version is installed.

Since the vulnerability is an unauthenticated PHP Object Injection, network detection might involve monitoring for suspicious HTTP requests targeting the plugin endpoints that could carry malicious payloads.

Patchstack has provided a mitigation rule to block attacks until the plugin is updated, which may include signatures or rules for intrusion detection systems.

Specific commands to detect the vulnerable plugin version on your WordPress system include:

  • Using WP-CLI to check the installed plugin version: wp plugin list | grep trx_addons
  • Manually inspecting the plugin version in the WordPress admin dashboard under Plugins.
  • Searching the plugin directory for version information, e.g., grep -r 'Version:' wp-content/plugins/trx_addons/

For network detection, monitoring HTTP requests for unusual parameters or payloads targeting the ThemeREX Addons plugin endpoints can help, but no specific commands or signatures are provided in the available resources.
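As an added example (not code from Patchstack or ThemeREX), the version check above can be scripted: a POSIX shell function reads the plugin's "Version:" header and reports installs below the fixed release 2.36.2. It assumes the plugin's main file is wp-content/plugins/trx_addons/trx_addons.php (the slug is from the advisory; the file name is a guess, adjust for your install).

```shell
#!/bin/sh
# Added example (not Patchstack's or ThemeREX's code): flag ThemeREX Addons
# installs below the fixed release 2.36.2 by reading the plugin header.
# Assumption: the plugin's main file is wp-content/plugins/trx_addons/trx_addons.php
# (the slug trx_addons is from the advisory; the file name is a guess).

FIXED_VERSION="2.36.2"

# Print the version declared in a WordPress plugin header (first match only).
plugin_header_version() {
    # Typical header line: " * Version: 2.36.1.1"
    sed -n 's/^[[:space:]*]*Version:[[:space:]]*\([0-9][0-9.]*\).*/\1/p' "$1" | head -n 1
}

# Return 0 when dotted version $1 is strictly lower than $2 (missing parts count as 0).
version_lt() {
    a="$1" b="$2"
    while [ -n "$a" ] || [ -n "$b" ]; do
        x="${a%%.*}" y="${b%%.*}"
        [ "${x:-0}" -lt "${y:-0}" ] && return 0
        [ "${x:-0}" -gt "${y:-0}" ] && return 1
        case "$a" in *.*) a="${a#*.}" ;; *) a="" ;; esac
        case "$b" in *.*) b="${b#*.}" ;; *) b="" ;; esac
    done
    return 1
}

# Print VULNERABLE / PATCHED / NOT_FOUND / UNKNOWN_VERSION for a WordPress root;
# exit status 1 means a vulnerable version was found.
check_trx_addons() {
    main_file="$1/wp-content/plugins/trx_addons/trx_addons.php"
    [ -f "$main_file" ] || { echo "NOT_FOUND"; return 0; }
    installed="$(plugin_header_version "$main_file")"
    [ -n "$installed" ] || { echo "UNKNOWN_VERSION"; return 2; }
    if version_lt "$installed" "$FIXED_VERSION"; then
        echo "VULNERABLE $installed (< $FIXED_VERSION, CVE-2025-60205)"
        return 1
    fi
    echo "PATCHED $installed"
}

# Demonstration on a constructed plugin header, not a real install.
demo_root="$(mktemp -d)"
mkdir -p "$demo_root/wp-content/plugins/trx_addons"
printf '<?php\n/*\n * Plugin Name: ThemeREX Addons\n * Version: 2.36.1.1\n */\n' \
    > "$demo_root/wp-content/plugins/trx_addons/trx_addons.php"
check_trx_addons "$demo_root" || true   # prints: VULNERABLE 2.36.1.1 (< 2.36.2, CVE-2025-60205)
rm -rf "$demo_root"
```

Run it as `check_trx_addons /var/www/html` against the real document root; a non-zero exit status makes it usable in a cron job or fleet inventory script.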
