CVE-2019-20211 - Cththemes Citybook, Cththemes Easybook and Cththemes Townhub

January 13, 2020

Moderate 6.1

The CTHthemes CityBook before 2.3.4, TownHub before 1.0.6, and EasyBook before 1.2.2 themes for WordPress allow Persistent XSS via Listing Address, Listing Latitude, Listing Longitude, Email Address, Description, Name, Job or Position, Description, Service Name, Address, Latitude, Longitude, Phone Number, or Website.

Affected software

Cththemes Citybook

Cththemes Easybook

Cththemes Townhub

Reference links

https://cxsecurity.com/issue/WLB-2019120110
https://cxsecurity.com/issue/WLB-2019120111
https://cxsecurity.com/issue/WLB-2019120112
https://themeforest.net/item/citybook-directory-listing-wordpress-theme/21694727
https://themeforest.net/item/easybook-directory-listing-wordpress-theme/23206622
https://themeforest.net/item/townhub-directory-listing-wordpress-theme/25019571
https://wpvulndb.com/vulnerabilities/10013
https://wpvulndb.com/vulnerabilities/10014
https://wpvulndb.com/vulnerabilities/10018

CVE-2019-20211 - Cththemes Citybook, Cththemes Easybook and Cththemes Townhub

Affected software

Reference links

Get alerted to vulnerabilities in your software