EasyBook < 1.2.2 - Multiple Vulnerabilities
Description
Multiple vulnerabilities were discovered in the 'EasyBook – Directory & Listing WordPress Theme' (tested version: v1.2.1):
- Unauthenticated Reflected XSS
- Authenticated Persistent XSS
- IDOR
December 27th, 2019 - Envato Contacted
January 6th, 2020 - Envato Investigating
January ??th, 2020 - Theme has been removed from Envato
January 8th, 2020 - v1.2.2 released
January 10th, 2020 - Theme put back on Envato
Proof of Concept
Affects Themes
References
Miscellaneous
Original Researcher
m0ze
Submitter
m0ze
Submitter twitter
Verified
Yes
WPVDB ID
Timeline
Publicly Published
2020-01-10 (about 6 years ago)
Added
2020-01-11 (about 6 years ago)
Last Updated
2021-01-19 (about 5 years ago)