First published: Mon Jan 13 2020(Updated: )
The CTHthemes CityBook before 2.3.4, TownHub before 1.0.6, and EasyBook before 1.2.2 themes for WordPress allow Persistent XSS via Listing Address, Listing Latitude, Listing Longitude, Email Address, Description, Name, Job or Position, Description, Service Name, Address, Latitude, Longitude, Phone Number, or Website.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Cththemes Citybook | <2.3.4 | |
Cththemes Easybook | <1.2.2 | |
Cththemes Townhub | <1.0.6 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID is CVE-2019-20211.
The severity of CVE-2019-20211 is medium.
The CTHthemes CityBook before 2.3.4, TownHub before 1.0.6, and EasyBook before 1.2.2 themes for WordPress are affected by CVE-2019-20211.
CVE-2019-20211 allows for persistent cross-site scripting (XSS) attacks via various input fields in the affected WordPress themes.
Yes, updating to the latest version of the CTHthemes CityBook, TownHub, and EasyBook themes for WordPress (2.3.4, 1.0.6, and 1.2.2 respectively) will fix the vulnerability.