CVE-2019-20211 - Cththemes Citybook, Cththemes Easybook and Cththemes Townhub
Moderate 6.1
The CTHthemes CityBook before 2.3.4, TownHub before 1.0.6, and EasyBook before 1.2.2 themes for WordPress allow Persistent XSS via Listing Address, Listing Latitude, Listing Longitude, Email Address, Description, Name, Job or Position, Description, Service Name, Address, Latitude, Longitude, Phone Number, or Website.
Affected software
Cththemes Citybook
Cththemes Easybook
Cththemes Townhub
Reference links
- https://cxsecurity.com/issue/WLB-2019120110
- https://cxsecurity.com/issue/WLB-2019120111
- https://cxsecurity.com/issue/WLB-2019120112
- https://themeforest.net/item/citybook-directory-listing-wordpress-theme/21694727
- https://themeforest.net/item/easybook-directory-listing-wordpress-theme/23206622
- https://themeforest.net/item/townhub-directory-listing-wordpress-theme/25019571
- https://wpvulndb.com/vulnerabilities/10013
- https://wpvulndb.com/vulnerabilities/10014
- https://wpvulndb.com/vulnerabilities/10018