Vulnerabilities > Cththemes
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-07-25 | CVE-2023-36502 | Cross-site Scripting vulnerability in Cththemes Balkon Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in cththemes Balkon plugin <= 1.3.2 versions. | 6.1 |
| 2023-06-26 | CVE-2023-29430 | Cross-site Scripting vulnerability in Cththemes Theroof 1.0.3 Unauth. | 6.1 |
| 2023-04-07 | CVE-2023-25041 | Cross-site Scripting vulnerability in Cththemes Monolit Unauth. | 6.1 |
| 2023-04-07 | CVE-2023-29236 | Cross-site Scripting vulnerability in Cththemes Outdoor Unauth. | 6.1 |
| 2020-01-13 | CVE-2019-20212 | Cross-site Scripting vulnerability in Cththemes Citybook, Easybook and Townhub The CTHthemes CityBook before 2.3.4, TownHub before 1.0.6, and EasyBook before 1.2.2 themes for WordPress allow Persistent XSS via the chat widget/page message form. | 6.1 |
| 2020-01-13 | CVE-2019-20211 | Cross-site Scripting vulnerability in Cththemes Citybook, Easybook and Townhub The CTHthemes CityBook before 2.3.4, TownHub before 1.0.6, and EasyBook before 1.2.2 themes for WordPress allow Persistent XSS via Listing Address, Listing Latitude, Listing Longitude, Email Address, Description, Name, Job or Position, Description, Service Name, Address, Latitude, Longitude, Phone Number, or Website. | 6.1 |
| 2020-01-13 | CVE-2019-20210 | Cross-site Scripting vulnerability in Cththemes Citybook, Easybook and Townhub The CTHthemes CityBook before 2.3.4, TownHub before 1.0.6, and EasyBook before 1.2.2 themes for WordPress allow Reflected XSS via a search query. | 6.1 |
| 2020-01-13 | CVE-2019-20209 | Authorization Bypass Through User-Controlled Key vulnerability in Cththemes Citybook, Easybook and Townhub The CTHthemes CityBook before 2.3.4, TownHub before 1.0.6, and EasyBook before 1.2.2 themes for WordPress allow nsecure Direct Object Reference (IDOR) via wp-admin/admin-ajax.php to delete any page/post/listing. | 7.5 |