RSS   Vulnerabilities for 'Townhub'   RSS

2020-01-13
 
CVE-2019-20212

CWE-79
 

 
The CTHthemes CityBook before 2.3.4, TownHub before 1.0.6, and EasyBook before 1.2.2 themes for WordPress allow Persistent XSS via the chat widget/page message form.

 
 
CVE-2019-20211

CWE-79
 

 
The CTHthemes CityBook before 2.3.4, TownHub before 1.0.6, and EasyBook before 1.2.2 themes for WordPress allow Persistent XSS via Listing Address, Listing Latitude, Listing Longitude, Email Address, Description, Name, Job or Position, Description, Service Name, Address, Latitude, Longitude, Phone Number, or Website.

 
 
CVE-2019-20210

CWE-79
 

 
The CTHthemes CityBook before 2.3.4, TownHub before 1.0.6, and EasyBook before 1.2.2 themes for WordPress allow Reflected XSS via a search query.

 
 
CVE-2019-20209

CWE-639
 

 
The CTHthemes CityBook before 2.3.4, TownHub before 1.0.6, and EasyBook before 1.2.2 themes for WordPress allow nsecure Direct Object Reference (IDOR) via wp-admin/admin-ajax.php to delete any page/post/listing.

 

 >>> Vendor: Cththemes 3 Products
Citybook
Easybook
Townhub


Copyright 2024, cxsecurity.com

 

Back to Top