VYPR

EasyBook

by WordPress

CVEs (4)

  • CVE-2019-20209HigJan 13, 2020
    risk 0.49cvss 7.5epss 0.03

    The CTHthemes CityBook before 2.3.4, TownHub before 1.0.6, and EasyBook before 1.2.2 themes for WordPress allow nsecure Direct Object Reference (IDOR) via wp-admin/admin-ajax.php to delete any page/post/listing.

  • CVE-2019-20212MedJan 13, 2020
    risk 0.40cvss 6.1epss 0.03

    The CTHthemes CityBook before 2.3.4, TownHub before 1.0.6, and EasyBook before 1.2.2 themes for WordPress allow Persistent XSS via the chat widget/page message form.

  • CVE-2019-20211MedJan 13, 2020
    risk 0.40cvss 6.1epss 0.03

    The CTHthemes CityBook before 2.3.4, TownHub before 1.0.6, and EasyBook before 1.2.2 themes for WordPress allow Persistent XSS via Listing Address, Listing Latitude, Listing Longitude, Email Address, Description, Name, Job or Position, Description, Service Name, Address,…

  • CVE-2019-20210MedJan 13, 2020
    risk 0.40cvss 6.1epss 0.03

    The CTHthemes CityBook before 2.3.4, TownHub before 1.0.6, and EasyBook before 1.2.2 themes for WordPress allow Reflected XSS via a search query.