CVE-2019-20209 - Authorization Bypass Through User-Controlled Key vulnerability in Cththemes Citybook, Easybook and Townhub
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: NONE
Integrity impact: HIGH
Availability impact: NONE
Summary
The CTHthemes CityBook before 2.3.4, TownHub before 1.0.6, and EasyBook before 1.2.2 themes for WordPress allow Insecure Direct Object Reference (IDOR) via wp-admin/admin-ajax.php to delete any page/post/listing.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 3 |
Common Weakness Enumeration (CWE)
References
- https://cxsecurity.com/issue/WLB-2019120110
- https://cxsecurity.com/issue/WLB-2019120111
- https://cxsecurity.com/issue/WLB-2019120112
- https://themeforest.net/item/citybook-directory-listing-wordpress-theme/21694727
- https://themeforest.net/item/easybook-directory-listing-wordpress-theme/23206622
- https://themeforest.net/item/townhub-directory-listing-wordpress-theme/25019571
- https://wpvulndb.com/vulnerabilities/10013
- https://wpvulndb.com/vulnerabilities/10014
- https://wpvulndb.com/vulnerabilities/10018