Vulnerability Description
The ListingPro - WordPress Directory & Listing Theme for WordPress is vulnerable to Arbitrary Plugin Installation, Activation and Deactivation in versions before 2.6.1. This is due to a missing capability check on the lp_cc_addons_actions function. This makes it possible for unauthenticated attackers to arbitrarily install, activate and deactivate any plugin.
CVSS Score
9.8 (CRITICAL)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cridio | Listingpro | <= 2.6.1 |
Related Weaknesses (CWE)
References
- https://blog.nintechnet.com/wordpress-listingpro-theme-fixed-a-critical-vulnerab (Exploit)
- https://themeforest.net/item/listingpro-multipurpose-directory-theme/19386460 (Product)
- https://www.wordfence.com/threat-intel/vulnerabilities/id/a08fa649-3092-4c26-a00 (Third Party Advisory)
FAQ
What is CVE-2020-36719?
CVE-2020-36719 is a vulnerability with a CVSS score of 9.8 (CRITICAL). The ListingPro - WordPress Directory & Listing Theme for WordPress is vulnerable to Arbitrary Plugin Installation, Activation and Deactivation in versions before 2.6.1. This is due to a missing capabi...
How severe is CVE-2020-36719?
CVE-2020-36719 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2020-36719?
Check the references section above for vendor advisories and patch information. Affected products include: Cridio Listingpro.