Vulnerability Description
The ListingPro - WordPress Directory & Listing Theme for WordPress is vulnerable to Sensitive Data Exposure in versions before 2.6.1 via the ~/listingpro-plugin/functions.php file. This makes it possible for unauthenticated attackers to extract sensitive data including usernames, full names, email addresses, phone numbers, physical addresses and user post counts.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cridio | Listingpro | < 2.6.1 |
Related Weaknesses (CWE)
References
- https://blog.nintechnet.com/wordpress-listingpro-theme-fixed-a-critical-vulnerabExploit
- https://themeforest.net/item/listingpro-multipurpose-directory-theme/19386460Product
- https://www.wordfence.com/threat-intel/vulnerabilities/id/b9b21f8e-8d66-4d3e-a38Third Party Advisory
- https://blog.nintechnet.com/wordpress-listingpro-theme-fixed-a-critical-vulnerabExploit
- https://themeforest.net/item/listingpro-multipurpose-directory-theme/19386460Product
- https://www.wordfence.com/threat-intel/vulnerabilities/id/b9b21f8e-8d66-4d3e-a38Third Party Advisory
FAQ
What is CVE-2020-36723?
CVE-2020-36723 is a vulnerability with a CVSS score of 5.3 (MEDIUM). The ListingPro - WordPress Directory & Listing Theme for WordPress is vulnerable to Sensitive Data Exposure in versions before 2.6.1 via the ~/listingpro-plugin/functions.php file. This makes it possi...
How severe is CVE-2020-36723?
CVE-2020-36723 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-36723?
Check the references section above for vendor advisories and patch information. Affected products include: Cridio Listingpro.