Medium severity5.3NVD Advisory· Published Jun 7, 2023· Updated Apr 8, 2026

CVE-2020-36723

Description

The ListingPro - WordPress Directory & Listing Theme for WordPress is vulnerable to Sensitive Data Exposure in versions before 2.6.1 via the ~/listingpro-plugin/functions.php file. This makes it possible for unauthenticated attackers to extract sensitive data including usernames, full names, email addresses, phone numbers, physical addresses and user post counts.

Affected products

Cridio/Listingpro
cpe:2.3:a:cridio:listingpro:*:*:*:*:*:wordpress:*:*
Range: <2.6.1

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

blog.nintechnet.com/wordpress-listingpro-theme-fixed-a-critical-vulnerability/nvdExploit
www.wordfence.com/threat-intel/vulnerabilities/id/b9b21f8e-8d66-4d3e-a383-bea20a3c4498nvdThird Party Advisory
themeforest.net/item/listingpro-multipurpose-directory-theme/19386460nvdProduct

News mentions

No linked articles in our index yet.

cvss	0.345
epss	0.017
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000