Vulnerability Details CVE-2019-20211
The CTHthemes CityBook before 2.3.4, TownHub before 1.0.6, and EasyBook before 1.2.2 themes for WordPress allow Persistent XSS via Listing Address, Listing Latitude, Listing Longitude, Email Address, Description, Name, Job or Position, Description, Service Name, Address, Latitude, Longitude, Phone Number, or Website.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.008
EPSS Ranking 72.3%
CVSS Severity
CVSS v3 Score 6.1
CVSS v2 Score 4.3
References
- https://cxsecurity.com/issue/WLB-2019120110
- https://cxsecurity.com/issue/WLB-2019120111
- https://cxsecurity.com/issue/WLB-2019120112
- https://themeforest.net/item/citybook-directory-listing-wordpress-theme/21694727
- https://themeforest.net/item/easybook-directory-listing-wordpress-theme/23206622
- https://themeforest.net/item/townhub-directory-listing-wordpress-theme/25019571
- https://wpvulndb.com/vulnerabilities/10013
- https://wpvulndb.com/vulnerabilities/10014
- https://wpvulndb.com/vulnerabilities/10018
- https://cxsecurity.com/issue/WLB-2019120110
- https://cxsecurity.com/issue/WLB-2019120111
- https://cxsecurity.com/issue/WLB-2019120112
- https://themeforest.net/item/citybook-directory-listing-wordpress-theme/21694727
- https://themeforest.net/item/easybook-directory-listing-wordpress-theme/23206622
- https://themeforest.net/item/townhub-directory-listing-wordpress-theme/25019571
- https://wpvulndb.com/vulnerabilities/10013
- https://wpvulndb.com/vulnerabilities/10014
- https://wpvulndb.com/vulnerabilities/10018