CVE-2019-20211

The CTHthemes CityBook before 2.3.4, TownHub before 1.0.6, and EasyBook before 1.2.2 themes for WordPress allow Persistent XSS via Listing Address, Listing Latitude, Listing Longitude, Email Address, Description, Name, Job or Position, Description, Service Name, Address, Latitude, Longitude, Phone Number, or Website.

• CWE-79

• https://cxsecurity.com/issue/WLB-2019120110Exploit, Third Party Advisory
• https://cxsecurity.com/issue/WLB-2019120111Exploit, Third Party Advisory
• https://cxsecurity.com/issue/WLB-2019120112Exploit, Third Party Advisory
• https://themeforest.net/item/citybook-directory-listing-wordpress-theme/21694727Third Party Advisory
• https://themeforest.net/item/easybook-directory-listing-wordpress-theme/23206622Third Party Advisory
• https://themeforest.net/item/townhub-directory-listing-wordpress-theme/25019571Third Party Advisory
• https://wpvulndb.com/vulnerabilities/10013Third Party Advisory
• https://wpvulndb.com/vulnerabilities/10014Third Party Advisory
• https://wpvulndb.com/vulnerabilities/10018Third Party Advisory
• https://cxsecurity.com/issue/WLB-2019120110Exploit, Third Party Advisory
• https://cxsecurity.com/issue/WLB-2019120111Exploit, Third Party Advisory
• https://cxsecurity.com/issue/WLB-2019120112Exploit, Third Party Advisory
• https://themeforest.net/item/citybook-directory-listing-wordpress-theme/21694727Third Party Advisory
• https://themeforest.net/item/easybook-directory-listing-wordpress-theme/23206622Third Party Advisory
• https://themeforest.net/item/townhub-directory-listing-wordpress-theme/25019571Third Party Advisory
• https://wpvulndb.com/vulnerabilities/10013Third Party Advisory
• https://wpvulndb.com/vulnerabilities/10014Third Party Advisory
• https://wpvulndb.com/vulnerabilities/10018Third Party Advisory

Published

Jan 13, 2020

Last Modified

Jun 17, 2026

Status

Modified