CVE-2020-36723
published 2023-06-07CVE-2020-36723: The ListingPro - WordPress Directory & Listing Theme for WordPress is vulnerable to Sensitive Data Exposure in versions before 2.6.1 via the…
PriorityP278medium5.3CVSS 3.1
AVNACLPRNUINSUCLINAN
ITWEXPLOITVulnCheck KEV
Exploited in the wild
EPSS
1.61%
72.9th percentile
The ListingPro - WordPress Directory & Listing Theme for WordPress is vulnerable to Sensitive Data Exposure in versions before 2.6.1 via the ~/listingpro-plugin/functions.php file. This makes it possible for unauthenticated attackers to extract sensitive data including usernames, full names, email addresses, phone numbers, physical addresses and user post counts.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cridio | listingpro | < 2.6.1 | 2.6.1 |
Detection & IOCsextracted from sources · hover to see the quote
- →HTTP GET request to /wp-admin/index.php?download-lp-users=yes triggers unauthenticated sensitive data export; response body contains CSV-like headers 'UserName', 'Email', 'Full Name', 'Listings' and response header contains 'filename=' ↗
- →Match response body for all four strings simultaneously: 'UserName', 'Email', 'Full Name', 'Listings' — indicates successful data disclosure response ↗
- →Confirm exploitation by checking that the HTTP response header contains 'filename=' (file download attachment header), indicating a user data file is being served ↗
- →FOFA/asset discovery query for exposed ListingPro instances: search for body containing '/wp-content/plugins/listingpro' ↗
- ·Vulnerability affects ListingPro versions strictly before 2.6.1; the endpoint is accessible without authentication (unauthenticated attacker) ↗
CVSS provenance
nvdv3.15.3MEDIUMCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
vulncheck5.3MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-r88m-vgvq-wfmf: The ListingPro - WordPress Directory & Listing Theme for WordPress is vulnerable to Sensitive Data Exposure in versions before 2
ghsa_unreviewed·2023-06-07
CVE-2020-36723 [MEDIUM] CWE-200 GHSA-r88m-vgvq-wfmf: The ListingPro - WordPress Directory & Listing Theme for WordPress is vulnerable to Sensitive Data Exposure in versions before 2
The ListingPro - WordPress Directory & Listing Theme for WordPress is vulnerable to Sensitive Data Exposure in versions before 2.6.1 via the ~/listingpro-plugin/functions.php file. This makes it possible for unauthenticated attackers to extract sensitive data including usernames, full names, email addresses, phone numbers, physical addresses and user post counts.
VulnCheck
ListingPro - WordPress Directory & Listing '~/listingpro-plugin/functions.php' Vulnerability
vulncheck·2020·CVSS 5.3
CVE-2020-36723 [MEDIUM] ListingPro - WordPress Directory & Listing '~/listingpro-plugin/functions.php' Vulnerability
ListingPro - WordPress Directory & Listing '~/listingpro-plugin/functions.php' Vulnerability
The ListingPro - WordPress Directory & Listing Theme for WordPress is vulnerable to Sensitive Data Exposure in versions before 2.6.1 via the ~/listingpro-plugin/functions.php file. This makes it possible for unauthenticated attackers to extract sensitive data including usernames, full names, email addresses, phone numbers, physical addresses and user post counts.
Affected: cridio listingpro
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://app.crowdsec.net/cti/cve-explorer/CVE-2020-36723
No detection rules found.
Nuclei
ListingPro < 2.6.1 - Sensitive Data Disclosure
nuclei·CVSS 5.3
CVE-2020-36723 [MEDIUM] ListingPro < 2.6.1 - Sensitive Data Disclosure
ListingPro < 2.6.1 - Sensitive Data Disclosure
The ListingPro - WordPress Directory & Listing Theme for WordPress is vulnerable to Sensitive Data Exposure in versions before 2.6.1 via the ~/listingpro-plugin/functions.php file. This makes it possible for unauthenticated attackers to extract sensitive data including usernames, full names, email addresses, phone numbers, physical addresses and user post counts.
Template:
id: CVE-2020-36723
info:
name: ListingPro < 2.6.1 - Sensitive Data Disclosure
author: ritikchaddha
severity: high
description: |
The ListingPro - WordPress Directory & Listing Theme for WordPress is vulnerable to Sensitive Data Exposure in versions before 2.6.1 via the ~/listingpro-plugin/functions.php file. This makes it possible for unauthenticated attackers to extract
No writeups or analysis indexed.
https://blog.nintechnet.com/wordpress-listingpro-theme-fixed-a-critical-vulnerability/https://themeforest.net/item/listingpro-multipurpose-directory-theme/19386460https://www.wordfence.com/threat-intel/vulnerabilities/id/b9b21f8e-8d66-4d3e-a383-bea20a3c4498?source=cvehttps://blog.nintechnet.com/wordpress-listingpro-theme-fixed-a-critical-vulnerability/https://themeforest.net/item/listingpro-multipurpose-directory-theme/19386460https://www.wordfence.com/threat-intel/vulnerabilities/id/b9b21f8e-8d66-4d3e-a383-bea20a3c4498?source=cve
2023-06-07
Published
Exploited in the wild