Lucene search
MitreCVELIST:CVE-2019-20209HistoryJan 13, 2020 - 5:05 p.m.
CVE-2019-20209
2020-01-1317:05:22
mitre
www.cve.org
1
0.007 Low
EPSS
Percentile
80.1%
The CTHthemes CityBook before 2.3.4, TownHub before 1.0.6, and EasyBook before 1.2.2 themes for WordPress allow nsecure Direct Object Reference (IDOR) via wp-admin/admin-ajax.php to delete any page/post/listing.
References
cxsecurity.com/issue/WLB-2019120110
cxsecurity.com/issue/WLB-2019120111
cxsecurity.com/issue/WLB-2019120112
themeforest.net/item/citybook-directory-listing-wordpress-theme/21694727
themeforest.net/item/easybook-directory-listing-wordpress-theme/23206622
themeforest.net/item/townhub-directory-listing-wordpress-theme/25019571
wpvulndb.com/vulnerabilities/10013
wpvulndb.com/vulnerabilities/10014
wpvulndb.com/vulnerabilities/10018
Related
prion
prion
Code injection
2020-01-13 18:15:00
cve
cve
CVE-2019-20209
2020-01-13 18:15:13
nvd
nvd
CVE-2019-20209
2020-01-13 18:15:13
patchstack
patchstack
wpexploit
wpexploit
EasyBook < 1.2.2 - Multiple Vulnerabilities
2020-01-10 00:00:00
TownHub < 1.0.6 - Multiple Vulnerabilities
2020-01-09 00:00:00
CityBook < 2.3.4 - Multiple Vulnerabilities
2020-01-09 00:00:00
wpvulndb
wpvulndb
CityBook < 2.3.4 - Multiple Vulnerabilities
2020-01-09 00:00:00
EasyBook < 1.2.2 - Multiple Vulnerabilities
2020-01-10 00:00:00
TownHub < 1.0.6 - Multiple Vulnerabilities
2020-01-09 00:00:00