CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2020-36719 – ListingPro - WordPress Directory & Listing Theme < 2.6.1 - Arbitrary Plugin Installation, Activation and Deactivation
https://notcve.org/view.php?id=CVE-2020-36719
The ListingPro - WordPress Directory & Listing Theme for WordPress is vulnerable to Arbitrary Plugin Installation, Activation and Deactivation in versions before 2.6.1. This is due to a missing capability check on the lp_cc_addons_actions function. This makes it possible for unauthenticated attackers to arbitrarily install, activate and deactivate any plugin. • https://blog.nintechnet.com/wordpress-listingpro-theme-fixed-a-critical-vulnerability https://themeforest.net/item/listingpro-multipurpose-directory-theme/19386460 https://www.wordfence.com/threat-intel/vulnerabilities/id/a08fa649-3092-4c26-a009-2dd576b9b1ac?source=cve • CWE-862: Missing Authorization •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1CVE-2020-36723 – ListingPro - WordPress Directory & Listing Theme < 2.6.1 - Sensitive Information Disclosure
https://notcve.org/view.php?id=CVE-2020-36723
The ListingPro - WordPress Directory & Listing Theme for WordPress is vulnerable to Sensitive Data Exposure in versions before 2.6.1 via the ~/listingpro-plugin/functions.php file. This makes it possible for unauthenticated attackers to extract sensitive data including usernames, full names, email addresses, phone numbers, physical addresses and user post counts. • https://blog.nintechnet.com/wordpress-listingpro-theme-fixed-a-critical-vulnerability https://themeforest.net/item/listingpro-multipurpose-directory-theme/19386460 https://www.wordfence.com/threat-intel/vulnerabilities/id/b9b21f8e-8d66-4d3e-a383-bea20a3c4498?source=cve • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2019-19541 – ListingPro - WordPress Directory & Listing Theme < 2.0.14.5 - Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2019-19541
The ListingPro theme before v2.0.14.2 for WordPress has Persistent XSS via the Best Day/Night field on the new listing submit page. El tema ListingPro versiones anteriores a v2.0.14.2 para WordPress, presenta una vulnerabilidad de tipo XSS persistente por medio del campo Best Day/Night en la página new listing submit. The ListingPro theme before v2.0.14.5 for WordPress has Persistent XSS via the Best Day/Night field on the new listing submit page. • https://wpvulndb.com/vulnerabilities/9974 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2019-19542 – ListingPro - WordPress Directory & Listing Theme < 2.0.14.5 - Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2019-19542
The ListingPro theme before v2.0.14.2 for WordPress has Persistent XSS via the Good For field on the new listing submit page. El tema ListingPro versiones anteriores a v2.0.14.2 para WordPress, presenta una vulnerabilidad de tipo XSS persistente por medio del campo Good For en la página new listing submit. The ListingPro theme before v2.0.14.5 for WordPress has Persistent XSS via the Good For field on the new listing submit page. • https://wpvulndb.com/vulnerabilities/9974 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2019-19540 – ListingPro - WordPress Directory & Listing Theme < 2.0.14.5 - Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2019-19540
The ListingPro theme before v2.0.14.2 for WordPress has Reflected XSS via the What field on the homepage. El tema ListingPro versiones anteriores a v2.0.14.2 para WordPress, presenta una vulnerabilidad de tipo XSS reflejado por medio del campo What en la página de inicio. The ListingPro theme before v2.0.14.5 for WordPress has Reflected XSS via the What field on the homepage. • https://wpvulndb.com/vulnerabilities/9974 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •