
CityBook < 2.3.4 - Multiple Vulnerabilities

Description

Multiple vulnerabilities were discovered in the 'CityBook - Directory & Listing WordPress Theme' (tested version: v2.3.3):

- Unauthenticated Reflected XSS
- Authenticated Persistent XSS
- IDOR

Edit (WPScanTeam):
December 27th, 2019 - Envato Contacted
January 6th, 2020 - Envato Investigating
January 7th, 2020 - v2.3.4 released

Proof of Concept

Affects Themes

Fixed in 2.3.4

References

Miscellaneous

Original Researcher
m0ze
Submitter
m0ze
Verified
Yes

Timeline

Publicly Published
2020-01-09 (about 6 years ago)
Added
2020-01-09 (about 6 years ago)
Last Updated
2021-01-19 (about 5 years ago)

Other