cvebase
CVE-2020-36719
Published: 2023-06-07

Priority: P182
Severity: critical, CVSS 3.1 base score 9.8
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Flags: ITW, EXPLOIT, VulnCheck KEV (exploited in the wild)
EPSS: 4.30% (89.9th percentile)
The ListingPro - WordPress Directory & Listing Theme for WordPress is vulnerable to Arbitrary Plugin Installation, Activation and Deactivation in versions before 2.6.1. This is due to a missing capability check on the lp_cc_addons_actions function. This makes it possible for unauthenticated attackers to arbitrarily install, activate and deactivate any plugin.

Affected

1 range
Vendor: cridio
Product: listingpro
Version range: <= 2.6.1 as listed here; note that the description and the detection notes below state that versions before 2.6.1 are affected and that 2.6.1 is the first patched release, so treat 2.6.1 as the boundary and verify the installed version rather than relying on either bound alone
Fixed in: not listed

Detection & IOCs

url: /wp-content/themes/listingpro/style.css
path: /wp-content/plugins/listingpro
  • Probe GET /wp-content/themes/listingpro/style.css; a response body containing both 'ListingPro' and 'Version:' with a version string lower than 2.6.1 indicates a vulnerable installation.
  • Extract the theme version from the style.css body with the regex '(?i)Version:\s?([\w.]+)' and compare it numerically against 2.6.1 (a plain string comparison misorders versions such as 2.10.0 relative to 2.6.1) to confirm the vulnerable range.
  • FOFA fingerprint query for exposed ListingPro installations: search for a body containing '/wp-content/plugins/listingpro'.
  • The unauthenticated attack surface is the lp_cc_addons_actions function, which lacks a capability check, so a request that reaches it needs no authentication to install, activate or deactivate arbitrary plugins.
  • The vulnerability affects ListingPro versions strictly before 2.6.1; version 2.6.1 and later are patched. The stylesheet check is a version fingerprint, not an exploitability test: a site whose style.css header lags its actual theme files, or that is served from a cache, can be misclassified in either direction, so confirm before reporting.
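The probe described in the detection notes, written out as an added example (this is not the page's own code, nor a Nuclei template or anything from the theme vendor). It applies the page's regex to the style.css body, then compares the extracted version numerically against the 2.6.1 boundary given by the advisory text. The sample stylesheet headers are constructed for the example, and the helper names (parse_version, extract_theme_version, is_vulnerable_version, assess, probe) are this example's own. The tuple comparison is the point: a naive string comparison would report 2.10.0 as older than 2.6.1.

```python
"""Version-fingerprint check for ListingPro (CVE-2020-36719) based on the
theme's style.css header. Added example; not code from the page or vendor."""
import re
from typing import Optional, Tuple

# Regex quoted in the detection notes; \s? accepts "Version:2.6.0" and "Version: 2.6.0".
VERSION_RE = re.compile(r"(?i)Version:\s?([\w.]+)")
FIXED_VERSION = "2.6.1"  # boundary taken from the advisory text
STYLE_PATH = "/wp-content/themes/listingpro/style.css"


def parse_version(s: str) -> Tuple[int, ...]:
    """Turn '2.6.1' into (2, 6, 1). Parsing stops at the first component that
    does not start with digits, so '2.6.1b' becomes (2, 6, 1)."""
    parts = []
    for piece in s.split("."):
        m = re.match(r"\d+", piece)
        if not m:
            break
        parts.append(int(m.group()))
    return tuple(parts)


def extract_theme_version(style_css: str) -> Optional[str]:
    """Return the Version: value from a stylesheet header that names ListingPro,
    or None when the body is not a ListingPro stylesheet or carries no version."""
    if "ListingPro" not in style_css:
        return None
    m = VERSION_RE.search(style_css)
    return m.group(1) if m else None


def is_vulnerable_version(version: str) -> bool:
    """True when version < 2.6.1 compared component by component.
    Tuple comparison orders 2.10.0 after 2.6.1; str comparison would not."""
    v = parse_version(version)
    if not v:
        raise ValueError(f"unparseable version: {version!r}")
    return v < parse_version(FIXED_VERSION)


def assess(style_css: str) -> str:
    """Classify a style.css body: 'vulnerable', 'patched',
    'not-listingpro' or 'unknown-version'."""
    if "ListingPro" not in style_css:
        return "not-listingpro"
    version = extract_theme_version(style_css)
    if version is None:
        return "unknown-version"
    return "vulnerable" if is_vulnerable_version(version) else "patched"


def probe(base_url: str, timeout: float = 10.0) -> str:
    """Fetch the theme stylesheet from a live site and assess it. Network I/O;
    not exercised by the offline samples below. Only the first 64 KiB is read,
    which comfortably covers the header comment."""
    from urllib.request import urlopen
    url = base_url.rstrip("/") + STYLE_PATH
    with urlopen(url, timeout=timeout) as resp:
        body = resp.read(64 * 1024).decode("utf-8", errors="replace")
    return assess(body)


# Constructed sample headers (not captured from real sites).
SAMPLE_VULNERABLE = "/*\nTheme Name: ListingPro\nVersion: 2.5.9\n*/\n"
SAMPLE_PATCHED = "/*\nTheme Name: ListingPro\nVersion: 2.6.1\n*/\n"
SAMPLE_NEWER_MINOR = "/*\nTheme Name: ListingPro\nVersion: 2.10.0\n*/\n"
SAMPLE_OTHER_THEME = "/*\nTheme Name: Twenty Twenty\nVersion: 1.0\n*/\n"
SAMPLE_NO_VERSION = "/*\nTheme Name: ListingPro\n*/\n"

if __name__ == "__main__":
    for label, body in [("vulnerable", SAMPLE_VULNERABLE), ("patched", SAMPLE_PATCHED),
                        ("newer-minor", SAMPLE_NEWER_MINOR), ("other", SAMPLE_OTHER_THEME),
                        ("no-version", SAMPLE_NO_VERSION)]:
        print(f"{label:12s} -> {assess(body)}")
```

Run it against a real host with probe("https://example.test") once you have authorization; the result is still only a fingerprint, so pair a 'vulnerable' verdict with a manual confirmation before raising a finding, and treat 'unknown-version' as a prompt to inspect the site by hand rather than as a clean result.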

CVSS provenance

NVD (CVSS v3.1): 9.8 CRITICAL, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
VulnCheck: 9.8 CRITICAL