← back
CVE-2019-20211

CVE-2019-20211

EPSS 2.6%
The CTHthemes CityBook before 2.3.4, TownHub before 1.0.6, and EasyBook before 1.2.2 themes for WordPress allow Persistent XSS via Listing Address, Listing Latitude, Listing Longitude, Email Address, Description, Name, Job or Position, Description, Service Name, Address, Latitude, Longitude, Phone Number, or Website.
Affected products
n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://cxsecurity.com/issue/WLB-2019120110https://cxsecurity.com/issue/WLB-2019120111https://cxsecurity.com/issue/WLB-2019120112https://themeforest.net/item/citybook-directory-listing-wordpress-theme/21694727https://themeforest.net/item/easybook-directory-listing-wordpress-theme/23206622https://themeforest.net/item/townhub-directory-listing-wordpress-theme/25019571https://wpvulndb.com/vulnerabilities/10013https://wpvulndb.com/vulnerabilities/10014https://wpvulndb.com/vulnerabilities/10018