cbcvebase.
CVE-2020-36723
published 2023-06-07

CVE-2020-36723: The ListingPro - WordPress Directory & Listing Theme for WordPress is vulnerable to Sensitive Data Exposure in versions before 2.6.1 via the…

PriorityP278medium5.3CVSS 3.1
AVNACLPRNUINSUCLINAN
ITWEXPLOITVulnCheck KEV
Exploited in the wild
EPSS
1.61%
72.9th percentile
The ListingPro - WordPress Directory & Listing Theme for WordPress is vulnerable to Sensitive Data Exposure in versions before 2.6.1 via the ~/listingpro-plugin/functions.php file. This makes it possible for unauthenticated attackers to extract sensitive data including usernames, full names, email addresses, phone numbers, physical addresses and user post counts.

Affected

1 ranges
VendorProductVersion rangeFixed in
cridiolistingpro< 2.6.12.6.1

Detection & IOCsextracted from sources · hover to see the quote

url/wp-admin/index.php?download-lp-users=yes
path~/listingpro-plugin/functions.php
  • HTTP GET request to /wp-admin/index.php?download-lp-users=yes triggers unauthenticated sensitive data export; response body contains CSV-like headers 'UserName', 'Email', 'Full Name', 'Listings' and response header contains 'filename='
  • Match response body for all four strings simultaneously: 'UserName', 'Email', 'Full Name', 'Listings' — indicates successful data disclosure response
  • Confirm exploitation by checking that the HTTP response header contains 'filename=' (file download attachment header), indicating a user data file is being served
  • FOFA/asset discovery query for exposed ListingPro instances: search for body containing '/wp-content/plugins/listingpro'
  • ·Vulnerability affects ListingPro versions strictly before 2.6.1; the endpoint is accessible without authentication (unauthenticated attacker)

CVSS provenance

nvdv3.15.3MEDIUMCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
vulncheck5.3MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.