TownHub < 1.0.6 - Multiple Vulnerabilities



Description
Multiple vulnerabilities were discovered in the «TownHub - Directory & Listing WordPress Theme» (tested version: v1.0.2):

- Unauthenticated XSS
- Authenticated Persistent XSS
- IDOR

Edit (WPScanTeam):
December 27th, 2019 - Envato Contacted
January 5th, 2020 - Envato Investigating
January 6th, 2020 - v1.0.6 released

Proof of Concept

The PoC will be displayed on January 23, 2020, to give users the time to update.

Affects Theme

fixed in version 1.0.6

References

CVE 2019-20209
CVE 2019-20210
CVE 2019-20211
CVE 2019-20212
URL https://themeforest.net/item/townhub-directory-listing-wordpress-theme/25019571

Classification

Type MULTI

Miscellaneous

Original Researcher m0ze
Submitter m0ze
Submitter Twitter m0ze_ru
Views 37709
Verified Yes
WPVDB ID 10014

Timeline

Publicly Published 2020-01-09 (14 days ago)
Added 2020-01-09 (13 days ago)
Last Updated 2020-01-14 (8 days ago)
