Themes Vulnerabilities

ListingPro < 2.6.1 - Unauthenticated Arbitrary Plugin Installation/Activation/Deactivation

Description

Unauthenticated users could install/activate/deactivate arbitrary plugins, including install one from a remote source under their control (by having $_REQUEST['ccDestin'] set to external and $_REQUEST['ccFileUrl'] to the remote ZIP file)

Affects Themes

listingpro
Fixed in 2.6.1

References

CVE
CVE-2020-36719
URL
https://blog.nintechnet.com/wordpress-listingpro-theme-fixed-a-critical-vulnerability/

Classification

Type
ACCESS CONTROLS
OWASP top 10
A5: Broken Access Control
CWE
CWE-284
CVSS
10.0 (critical)

Miscellaneous

Original Researcher
Jerome Bruandet (nintechnet)
Verified
No
WPVDB ID
814d5f2d-399a-4738-a48b-009c4f8043ee

Timeline

Publicly Published
2020-12-17 (about 5 years ago)
Added
2020-12-17 (about 5 years ago)
Last Updated
2023-06-08 (about 2 years ago)

Other

Published
Title
Published
2015-07-15
Title
WP Attachment Export < 0.2.4 - Unauthenticated Posts Download
Published
2024-02-27
Title
Under Construction / Maintenance Mode from Acurax <= 2.6 - Information Exposure
Published
2020-04-28
Title
Quick Page/Post redirect < 5.2.0 - Authenticated Settings Update
Published
2021-05-26
Title
Simple 301 Redirects by BetterLinks - 2.0.0 – 2.0.3 - Update and Retrieve Wildcard Value
Published
2024-08-31
Title
Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder < 5.1.19 - Missing Authorization to Authenticated (Subscriber+) Mailchimp Integration Modification