CVE-2025-0682 | ThemeREX Addons Plugin up to 2.33.0 on WordPress Shortcode trx_sc_reviews type filename control

CVE-2025-0682 | ThemeREX Addons Plugin up to 2.33.0 on WordPress Shortcode trx_sc_reviews type filename control

A vulnerability classified as critical was found in ThemeREX Addons Plugin up to 2.33.0 on WordPress. Affected by this vulnerability is the function trx_sc_reviews of the component Shortcode Handler. The manipulation of the argument type leads to improper control of filename for include/require statement in php program ('php remote file inclusion'). This vulnerability is known as CVE-2025-0682. The attack can be launched remotely. There is no exploit available.