CVE-2020-36719
Published 2023-06-07
Priority P182 · critical · CVSS 3.1: 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
ITW · EXPLOIT · VulnCheck KEV
Exploited in the wild
EPSS: 4.30% (89.9th percentile)
The ListingPro - WordPress Directory & Listing Theme for WordPress is vulnerable to Arbitrary Plugin Installation, Activation and Deactivation in versions before 2.6.1. This is due to a missing capability check on the lp_cc_addons_actions function. This makes it possible for unauthenticated attackers to arbitrarily install, activate and deactivate any plugin.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cridio | listingpro | <= 2.6.1 | — |
Detection & IOCs
- Probe GET /wp-content/themes/listingpro/style.css; a response body containing both 'ListingPro' and 'Version:' with a version string less than 2.6.1 indicates a vulnerable installation.
- Extract the theme version from the style.css body using the regex pattern '(?i)Version:\s?([\w.]+)' and compare against 2.6.1 to confirm vulnerability.
- FOFA fingerprint query for exposed ListingPro installations: search for body containing '/wp-content/plugins/listingpro'.
- The vulnerable unauthenticated attack surface is the lp_cc_addons_actions function, which lacks a capability check, allowing arbitrary plugin install/activate/deactivate without authentication.
- Vulnerability affects ListingPro versions strictly before 2.6.1; version 2.6.1 and later are patched.
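The version check described in the list above, as an added example for auditing your own installation (not code from the Nuclei template or any source this page indexes). The function names and the sample style.css bodies are constructed for illustration; only the regex and the 2.6.1 threshold come from the page.

```python
import re

# Regex quoted in the detection notes; 2.6.1 is the first patched release.
VERSION_RE = re.compile(r"(?i)Version:\s?([\w.]+)")
FIXED = (2, 6, 1)

def parse_version(text):
    """'2.5.14' -> (2, 5, 14); stops at the first non-numeric component."""
    parts = []
    for piece in text.split("."):
        m = re.match(r"\d+", piece)
        if not m:
            break
        parts.append(int(m.group()))
        if m.end() != len(piece):      # e.g. '1beta': keep 1, then stop
            break
    return tuple(parts)

def assess_style_css(body):
    """Classify a style.css body: returns (status, raw_version)."""
    if "ListingPro" not in body:
        return ("not-listingpro", None)
    m = VERSION_RE.search(body)
    if not m:
        return ("unknown", None)
    raw = m.group(1)
    ver = parse_version(raw)
    if not ver:
        return ("unknown", raw)
    # Pad to equal length so '2.6' compares as 2.6.0, and compare
    # numerically so '2.10.0' is not treated as older than '2.6.1'.
    width = max(len(ver), len(FIXED))
    ver += (0,) * (width - len(ver))
    fixed = FIXED + (0,) * (width - len(FIXED))
    return ("vulnerable" if ver < fixed else "patched", raw)

# Constructed sample theme headers (not taken from a real site).
SAMPLE_OLD = "/*\nTheme Name: ListingPro\nVersion: 2.5.14\n*/"
SAMPLE_NEW = "/*\nTheme Name: ListingPro\nVersion: 2.10.0\n*/"
SAMPLE_OTHER = "/*\nTheme Name: Twenty Twenty\nVersion: 1.2\n*/"

if __name__ == "__main__":
    for body in (SAMPLE_OLD, SAMPLE_NEW, SAMPLE_OTHER):
        print(assess_style_css(body))
```

A plain string comparison would report 2.10.0 as older than 2.6.1 and flag a patched site; the tuple comparison avoids that false positive.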
CVSS provenance
nvd · v3.1 · 9.8 CRITICAL · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
vulncheck · 9.8 CRITICAL
GHSA
GHSA-vpf4-7pch-f7ph
ghsa_unreviewed · 2023-06-07
CVE-2020-36719 [CRITICAL] CWE-862
VulnCheck
cridio listingpro Missing Authorization
vulncheck · 2020 · CVSS 9.8
CVE-2020-36719 [CRITICAL]
Affected: cridio listingpro
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://patchstack.com/database/vulnerability/listingpro/wordpress-listingpro-theme-2-6-unauthenticated-arbitrary-plugin-installation-activation-deactivation-vulnerability
No detection rules found.
Nuclei
ListingPro < 2.6.1 - Arbitrary Plugin Installation/Activation/Deactivation
nuclei · CVSS 9.8
CVE-2020-36719 [CRITICAL]
Template:

```yaml
id: CVE-2020-36719

info:
  name: ListingPro < 2.6.1 - Arbitrary Plugin Installation/Activation/Deactivation
  author: ritikchaddha
  severity: critical
  description: |
    The ListingPro - WordPress Directory & Listing Theme for WordPress is vulnerable to Arbitrary Plugin Installation, Activation and Deactivation in versions before 2.6.1. This is due to a mi
```
No writeups or analysis indexed.
- https://blog.nintechnet.com/wordpress-listingpro-theme-fixed-a-critical-vulnerability/
- https://themeforest.net/item/listingpro-multipurpose-directory-theme/19386460
- https://www.wordfence.com/threat-intel/vulnerabilities/id/a08fa649-3092-4c26-a009-2dd576b9b1ac?source=cve