Cththemes Citybook vulnerabilities
4 known vulnerabilities affecting cththemes/citybook.
Total CVEs: 4
CISA KEV: 0
Public exploits: 1
Exploited in wild: 0
Severity breakdown
HIGH: 1, MEDIUM: 3
Vulnerabilities
CVE-2019-20210 | P3 | MEDIUM | CVSS 6.1 | CWE-79 | PoC | fixed in 2.3.4 | 2020-01-13
The CTHthemes CityBook before 2.3.4, TownHub before 1.0.6, and EasyBook before 1.2.2 themes for WordPress allow Reflected XSS via a search query.
nvd
CVE-2019-20209 | P3 | HIGH | CVSS 7.5 | CWE-79 | fixed in 2.3.4 | 2020-01-13
The CTHthemes CityBook before 2.3.4, TownHub before 1.0.6, and EasyBook before 1.2.2 themes for WordPress allow Insecure Direct Object Reference (IDOR) via wp-admin/admin-ajax.php to delete any page/post/listing.
nvd
CVE-2019-20211 | P4 | MEDIUM | CVSS 6.1 | CWE-79 | fixed in 2.3.4 | 2020-01-13
The CTHthemes CityBook before 2.3.4, TownHub before 1.0.6, and EasyBook before 1.2.2 themes for WordPress allow Persistent XSS via Listing Address, Listing Latitude, Listing Longitude, Email Address, Description, Name, Job or Position, Description, Service Name, Address, Latitude, Longitude, Phone Number, or Website.
nvd
CVE-2019-20212 | P4 | MEDIUM | CVSS 6.1 | CWE-79 | fixed in 2.3.4 | 2020-01-13
The CTHthemes CityBook before 2.3.4, TownHub before 1.0.6, and EasyBook before 1.2.2 themes for WordPress allow Persistent XSS via the chat widget/page message form.
nvd