On February 18, 2020 Wordfence has announced the disclosure of the vulnerability present in some versions of ThemeREX Addons plugin, a required plugin packaged with our themes. Therefore, we wanted to notify our customers about the problem and elaborate on the quick fix.
First and foremost, our themes have different versions of the plugin so only some items were affected. Of course, ThemeREX developers have instantly found the problem and eliminated it. As a result, till February 20, we have successfully updated all the themes in question. In order to check if your theme has the problem, just have a look at the Change log at the bottom of the item description page on Themeforest.net If you can see “ThemeREX Addons vulnerability fixed” there, then you need to update the theme and the plugin to avoid the exploitation of this vulnerability.
In order to download the fixed theme version, please navigate to Downloads section of your Themeforest account. The steps to update Themerex Addons plugin in your WordPress admin are:
- Download the theme and find the included Themerex Addons plugin using the following path – theme_name/plugins/trx_addons/trx_addons.zip
- Then navigate to the Dashboard -> Plugins to deactivate and remove the current version of Themerex Addons plugin.
- Upload trx_addons.zip and activate it.
How to Apply the Fix Yourself
In addition, if you are not willing to update the theme, you may quickly make changes in files yourself. Just follow these steps:
- Log in to your Cpanel File Manager or use FTP client to access files on the server.
- Remove file wp-content/plugins/trx_addons/includes/plugin.rest-api.php If the file is not in your plugin, then there is no problem at all.
- Then, delete the following line of code in wp-content/plugins/trx_addons/trx_addions.php file:
require_once TRX_ADDONS_PLUGIN_DIR_INCLUDES . ‘plugin.rest-api.php’;
Congrats! You are done now. The vulnerability is successfully defused.
Moreover, our Tech Support Team is ready to help you solve the problem in our Help Desk. All you need is to submit a support ticket. If your support has expired, there is no need to purchase additional support. We will help you free of charge – just provide your website details using Presales Questions option.
Once again, take our deepest apologies for any inconvenience caused by this issue. We highly value our customers’ business, effort and time.