First published: Mon Jan 13 2020
The CTHthemes CityBook before 2.3.4, TownHub before 1.0.6, and EasyBook before 1.2.2 themes for WordPress allow Insecure Direct Object Reference (IDOR) via wp-admin/admin-ajax.php to delete any page/post/listing.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Cththemes Citybook | <2.3.4 | |
Cththemes Easybook | <1.2.2 | |
Cththemes Townhub | <1.0.6 | |
The vulnerability ID for this issue is CVE-2019-20209.
CVE-2019-20209 has a severity of 7.5 (high).
The CTHthemes CityBook versions up to and excluding 2.3.4, TownHub versions up to and excluding 1.0.6, and EasyBook versions up to and excluding 1.2.2 are affected.
The vulnerability in these themes allows for an insecure Direct Object Reference (IDOR) via wp-admin/admin-ajax.php to delete any page/post/listing.
More information about this vulnerability is available at the following links: [Link 1](https://cxsecurity.com/issue/WLB-2019120110), [Link 2](https://cxsecurity.com/issue/WLB-2019120111), [Link 3](https://cxsecurity.com/issue/WLB-2019120112).