CVE List

CVE-2019-20209

Critical 7.5

The CTHthemes CityBook before 2.3.4, TownHub before 1.0.6, and EasyBook before 1.2.2 themes for WordPress allow nsecure Direct Object Reference (IDOR) via wp-admin/admin-ajax.php to delete any page/post/listing.

Published January 13, 2020.

Affected software

Cththemes Citybook

Cththemes Townhub

Cththemes Easybook

Reference links

Sign Up for Alerts