ThreatPress

WordPress Vulnerabilities Database

Back

WordPress CityBook theme <= 2.3.3 - Multiple vulnerabilities (Reflected XSS, Persistent XSS & IDOR)

Product
CityBook
Description
Multiple vulnerabilities (Reflected XSS, Persistent XSS & IDOR) found by m0ze in WordPress CityBook theme (versions <= 2.3.3).
Solution
Update the WordPress CityBook theme to the latest available version (at least 2.3.4).
Classification
Type Multi
References
Theme changelog
CVE
Name CVE-2019-20210, 2019-20211, 2019-20212, 2019-20209
Versions
Affected In <= 2.3.3
Fixed In 2.3.4
Disclosure date
2020-01-09
Credits
m0ze
Submitter
ThreatPress