CVE-2020-36723

MEDIUM EXPLOITED NUCLEI

ListingPro - WordPress Directory & Listing Theme <2.6.1 - Info Disc...

Title source: llm

Exploitation Summary

CVE-2020-36723 has been observed exploited in the wild (reported by VulnCheck KEV). A Nuclei detection template is also available.

Description

The ListingPro - WordPress Directory & Listing Theme for WordPress is vulnerable to Sensitive Data Exposure in versions before 2.6.1 via the ~/listingpro-plugin/functions.php file. This makes it possible for unauthenticated attackers to extract sensitive data including usernames, full names, email addresses, phone numbers, physical addresses and user post counts.

Nuclei Templates (1)

ListingPro < 2.6.1 - Sensitive Data Disclosure

HIGHVERIFIEDby ritikchaddha

FOFA: body="/wp-content/plugins/listingpro"

References (3)

Core 3

Core References

Exploit

https://blog.nintechnet.com/wordpress-listingpro-theme-fixed-a-critical-vulnerability/

Product

https://themeforest.net/item/listingpro-multipurpose-directory-theme/19386460

Third Party Advisory

https://www.wordfence.com/threat-intel/vulnerabilities/id/b9b21f8e-8d66-4d3e-a383-bea20a3c4498?source=cve

Scores

CVSS v3 5.3

EPSS 0.0161

EPSS Percentile 72.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

Details

VulnCheck KEV 2025-10-27

CWE

CWE-200

Status published

Products (2)

None/ListingPro - WordPress Directory & Listing Theme < 2.6.1

cridio/listingpro < 2.6.1

Published Jun 07, 2023

Tracked Since Feb 18, 2026