Lucene search

PRIOn knowledge basePRION:CVE-2019-20209

HistoryJan 13, 2020 - 6:15 p.m.

Code injection

2020-01-1318:15:00

PRIOn knowledge base

www.prio-n.com

7.5 High

AI Score

Confidence

High

0.007 Low

EPSS

Percentile

80.1%

JSON

The CTHthemes CityBook before 2.3.4, TownHub before 1.0.6, and EasyBook before 1.2.2 themes for WordPress allow nsecure Direct Object Reference (IDOR) via wp-admin/admin-ajax.php to delete any page/post/listing.

CPENameOperatorVersion
citybooklt2.3.4
easybooklt1.2.2
townhublt1.0.6

Name	Operator	Version
citybook	lt	2.3.4
easybook	lt	1.2.2
townhub	lt	1.0.6

References

cxsecurity.com/issue/WLB-2019120110

cxsecurity.com/issue/WLB-2019120111

cxsecurity.com/issue/WLB-2019120112

themeforest.net/item/citybook-directory-listing-wordpress-theme/21694727

themeforest.net/item/easybook-directory-listing-wordpress-theme/23206622

themeforest.net/item/townhub-directory-listing-wordpress-theme/25019571

wpvulndb.com/vulnerabilities/10013

wpvulndb.com/vulnerabilities/10014

wpvulndb.com/vulnerabilities/10018