WordPress CTHthemes - Cross-Site Scripting

WordPress CTHthemes CityBook before 2.3.4, TownHub before 1.0.6, and EasyBook before 1.2.2 themes contain reflected cross-site scripting vulnerabilities via a search query. id: CVE-2019-20210 info: name: WordPress CTHthemes - Cross-Site Scripting author: edoardottt severity: medium description: |...

CVE-2019-20211

The CTHthemes CityBook before 2.3.4, TownHub before 1.0.6, and EasyBook before 1.2.2 themes for WordPress allow Persistent XSS via Listing Address, Listing Latitude, Listing Longitude, Email Address, Description, Name, Job or Position, Description, Service Name, Address, Latitude, Longitude, Phon...

EUVD-2019-10763

Malware in sbrugna...

EUVD-2019-10764

Malware in sbrugna...

WordPress CityBook premium theme <= 2.4.3 - Unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability

Unauthenticated Reflected Cross-Site Scripting XSS vulnerability found by Vlad Vector in WordPress CityBook premium theme versions = 2.4.3. Solution Update the WordPress CityBook premium theme to the latest available version at least 2.4.4...

CityBook < 2.4.4 - Unauthenticated Reflected XSS

Unauthenticated Reflected XSS vulnerability was discovered in the «CityBook - Directory & Listing WordPress Theme», tested version — v2.4.3. Edit WPScanTeam June 17th, 2020 - Confirmed & Escalated to Envato June 18th, 2020 - v2.4.4 released, fixing the issue PoC...

CityBook < 2.4.4 - Unauthenticated Reflected XSS

Unauthenticated Reflected XSS vulnerability was discovered in the «CityBook - Directory & Listing WordPress Theme», tested version — v2.4.3. Edit WPScanTeam June 17th, 2020 - Confirmed & Escalated to Envato June 18th, 2020 - v2.4.4 released, fixing the issue...

WordPress CTHthemes CityBook, TownHub and EasyBook Cross-Site Scripting Vulnerabilities (CNVD-2020-16668)

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in WordPress CTHthemes CityBook versions prior to 2.3.4, TownHub...

WordPress CTHthemes CityBook, TownHub and EasyBook Cross-Site Scripting Vulnerabilities (CNVD-2020-16659)

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in WordPress CTHthemes CityBook versions prior to 2.3.4, TownHub...

WordPress CTHthemes Unspecified Vulnerability in CityBook, TownHub and EasyBook

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A security vulnerability exists in WordPress CTHthemes CityBook versions prior to 2.3.4, TownHub versions prio...

WordPress CTHthemes CityBook, TownHub and EasyBook Cross-Site Scripting Vulnerabilities

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.Ultimate Member plugin is one of the plugins used to create member sites or online communities. A cross-site scripting vulnerability...

CVE-2019-20210

The CTHthemes CityBook before 2.3.4, TownHub before 1.0.6, and EasyBook before 1.2.2 themes for WordPress allow Reflected XSS via a search query...

CVE-2019-20211

The CTHthemes CityBook before 2.3.4, TownHub before 1.0.6, and EasyBook before 1.2.2 themes for WordPress allow Persistent XSS via Listing Address, Listing Latitude, Listing Longitude, Email Address, Description, Name, Job or Position, Description, Service Name, Address, Latitude, Longitude, Phon...

CVE-2019-20211

The CTHthemes CityBook before 2.3.4, TownHub before 1.0.6, and EasyBook before 1.2.2 themes for WordPress allow Persistent XSS via Listing Address, Listing Latitude, Listing Longitude, Email Address, Description, Name, Job or Position, Description, Service Name, Address, Latitude, Longitude, Phon...

CVE-2019-20212

The CTHthemes CityBook before 2.3.4, TownHub before 1.0.6, and EasyBook before 1.2.2 themes for WordPress allow Persistent XSS via the chat widget/page message form...

CVE-2019-20212

The CTHthemes CityBook before 2.3.4, TownHub before 1.0.6, and EasyBook before 1.2.2 themes for WordPress allow Persistent XSS via the chat widget/page message form...

CVE-2019-20210

The CTHthemes CityBook before 2.3.4, TownHub before 1.0.6, and EasyBook before 1.2.2 themes for WordPress allow Reflected XSS via a search query...

CVE-2019-20209

The CTHthemes CityBook before 2.3.4, TownHub before 1.0.6, and EasyBook before 1.2.2 themes for WordPress allow nsecure Direct Object Reference IDOR via wp-admin/admin-ajax.php to delete any page/post/listing...

CVE-2019-20209

The CTHthemes CityBook before 2.3.4, TownHub before 1.0.6, and EasyBook before 1.2.2 themes for WordPress allow nsecure Direct Object Reference IDOR via wp-admin/admin-ajax.php to delete any page/post/listing...

Cross site scripting

The CTHthemes CityBook before 2.3.4, TownHub before 1.0.6, and EasyBook before 1.2.2 themes for WordPress allow Persistent XSS via Listing Address, Listing Latitude, Listing Longitude, Email Address, Description, Name, Job or Position, Description, Service Name, Address, Latitude, Longitude, Phon...