14 matches found
CVE-2025-8218 Real Spaces - WordPress Properties Directory Theme <= 3.5 - Authenticated (Subscriber+) Privilege Escalation to Administrator via 'change_role_member'
The Real Spaces - WordPress Properties Directory Theme for WordPress is vulnerable to privilege escalation via the 'change_role_member' parameter in all versions up to, and including, 3.5. This is due to a lack of restriction in the profile update role. This makes it possible for...
PT-2025-33709
Name of the Vulnerable Software and Affected Versions: Real Spaces - WordPress Properties Directory Theme versions prior to 3.7 Description: The Real Spaces - WordPress Properties Directory Theme for WordPress is susceptible to privilege escalation through the imic agent register function. This...
CVE-2021-24319
The Bello - Directory & Listing WordPress theme before 1.6.0 did not properly sanitise its postexcerpt parameter before outputting it back in the shop/my-account/bello-listing-endpoint/ page, leading to a Cross-Site Scripting issue...
CVE-2020-36723 ListingPro - WordPress Directory & Listing Theme < 2.6.1 - Sensitive Information Disclosure
The ListingPro - WordPress Directory & Listing Theme for WordPress is vulnerable to Sensitive Data Exposure in versions before 2.6.1 via the /listingpro-plugin/functions.php file. This makes it possible for unauthenticated attackers to extract sensitive data including usernames, full names, email...
CVE-2020-36723
CVE-2020-36723 affects ListingPro — WordPress Directory & Listing Theme. Versions prior to 2.6.1 are vulnerable to sensitive data exposure via the ~/listingpro-plugin/functions.php file, allowing unauthenticated attackers to extract usernames, full names, email addresses, phone numbers, physical ...
ListingPro < 2.5.4 - Unauthenticated Reflected Cross-Site Scripting
Reflected XSS was discovered in the «ListingPro - WordPress Directory Theme», tested version — v2.5.3 Edit - WPScanTeam: January 13th, 2020 - Report Received & Envato Contacted January 13th, 2020 - Envato Investigating January 15th, 2020 - Theme updated, v2.5.4, fixing the issue PoC ----- Info:...
WordPress Superlist- Directory Theme Cross-Site Scripting Vulnerability
WordPress is a blogging platform developed in PHP by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in WordPress Superlist- Directory Theme, which can be exploited by...
ListingPro < 2.0.14.5 - Reflected & Persistent Cross-Site Scripting
Reflected & Persistent XSS was discovered in the 'ListingPro - WordPress Directory Theme'. Current version is 2.0.14.2 August 9th 2019. Edit WPScanTeam: November 29th, 2019 - Envato Informed November 29th, 2019 - Envato Investigating December 4th, 2019 - v2.0.14.3 Released, fixing the reflected X...
Find a Place CMS Directory 1.5 - assetsexternaldata_2.php cate SQL Injection
Find a Place CMS Directory 1.5 - assetsexternaldata2.php cate SQL Injection Exploit Title: Find a Place CMS Directory 1.5 - 'assets/external/data2.php cate' SQL Injection Google Dork: inurl:"assets/external/data.php" Date: 14 Feb 2019 Exploit Author: Deyaa Muhammad Author EMail: contact at deyaa....
Find A Place CMS Directory 1.5 SQL Injection
Exploit Title: Find a Place CMS Directory 1.5 - 'assets/external/data2.php cate' SQL Injection Google Dork: inurl:"assets/external/data.php" Date: 14 Feb 2019 Exploit Author: Deyaa Muhammad Author EMail: contact at deyaa.me Author Blog: http://deyaa.me Vendor Homepage: https://themerig.com/...
WordPress Supreme Directory theme <= 1.1.8 - Unauthenticated Cross-Site Scripting (XSS) vulnerability
Unauthenticated Cross-Site Scripting (XSS) vulnerability found in WordPress Supreme Directory theme versions <= 1.1.8. Solution: Update the WordPress Supreme Directory theme to the latest available version (at least 1.1.9)...
Supreme Directory Theme <= 1.1.8 - Unauthenticated Cross-Site Scripting (XSS)
This theme has a parameter, s, that allows executing an XSS payload: " PoC 1. Install the theme 2. Access the web on another browser 3. Write this uri: website.com/?s="...
Supreme Directory Theme <= 1.1.8 - Unauthenticated Cross-Site Scripting (XSS)
This theme has a parameter, s, that allows executing an XSS payload: " 1. Install the theme 2. Access the web on another browser 3. Write this uri: website.com/?s="alert0...
Locations Multipurpose CMS Directory Theme 1.0 Cross Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: Locations - Multipurpose CMS Directory Theme - xss Google Dork: N/A Date: 2017/27/12 Exploit Author: ShanoWeb Author Mail : MrdotNet2NetatGmaildotcom Vendor Homepage: https://themerig.com Software Buy:...