First published: Mon Jan 13 2020(Updated: )
The CTHthemes CityBook before 2.3.4, TownHub before 1.0.6, and EasyBook before 1.2.2 themes for WordPress allow Persistent XSS via the chat widget/page message form.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Cththemes Citybook | <2.3.4 | |
Cththemes Easybook | <1.2.2 | |
Cththemes Townhub | <1.0.6 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for this issue is CVE-2019-20212.
The CityBook theme before version 2.3.4, TownHub theme before version 1.0.6, and EasyBook theme before version 1.2.2 for WordPress are affected.
The severity of CVE-2019-20212 is medium with a CVSS score of 6.1.
This vulnerability allows for Persistent XSS via the chat widget/page message form.
To fix the vulnerability, you should update your CityBook theme to version 2.3.4, TownHub theme to version 1.0.6, or EasyBook theme to version 1.2.2.