CVE-2019-20210
MEDIUM NUCLEICTHthemes CityBook, TownHub, and EasyBook - Reflected Cross-Site Scripting via Search Query
Title source: llmExploitation Summary
CVE-2019-20210 has a Nuclei detection template available — see the Nuclei card below for the Shodan/FOFA recon queries.
Description
The CTHthemes CityBook before 2.3.4, TownHub before 1.0.6, and EasyBook before 1.2.2 themes for WordPress allow Reflected XSS via a search query.
Nuclei Templates (1)
WordPress CTHthemes - Cross-Site Scripting
MEDIUMby edoardottt
References (9)
Core 9
Core References
Third Party Advisory x_refsource_misc
https://themeforest.net/item/citybook-directory-listing-wordpress-theme/21694727
Third Party Advisory x_refsource_misc
https://themeforest.net/item/townhub-directory-listing-wordpress-theme/25019571
Third Party Advisory x_refsource_misc
https://themeforest.net/item/easybook-directory-listing-wordpress-theme/23206622
Third Party Advisory x_refsource_misc
https://wpvulndb.com/vulnerabilities/10013
Third Party Advisory x_refsource_misc
https://wpvulndb.com/vulnerabilities/10014
Third Party Advisory x_refsource_misc
https://wpvulndb.com/vulnerabilities/10018
Exploit, Third Party Advisory x_refsource_misc
https://cxsecurity.com/issue/WLB-2019120111
Exploit, Third Party Advisory x_refsource_misc
https://cxsecurity.com/issue/WLB-2019120112
Exploit, Third Party Advisory x_refsource_misc
https://cxsecurity.com/issue/WLB-2019120110
Scores
CVSS v3
6.1
EPSS
0.0313
EPSS Percentile
86.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Details
CWE
CWE-79
Status
published
Products (3)
cththemes/citybook
< 2.3.4
cththemes/easybook
< 1.2.2
cththemes/townhub
< 1.0.6
Published
Jan 13, 2020
Tracked Since
Feb 18, 2026