CVE-2020-36723

MEDIUM EXPLOITED NUCLEI

ListingPro - WordPress Directory & Listing Theme <2.6.1 - Info Disc...

Title source: llm

Description

The ListingPro - WordPress Directory & Listing Theme for WordPress is vulnerable to Sensitive Data Exposure in versions before 2.6.1 via the ~/listingpro-plugin/functions.php file. This makes it possible for unauthenticated attackers to extract sensitive data including usernames, full names, email addresses, phone numbers, physical addresses and user post counts.

Nuclei Templates (1)

ListingPro < 2.6.1 - Sensitive Data Disclosure

HIGHVERIFIEDby ritikchaddha

FOFA: body="/wp-content/plugins/listingpro"

References (3)

[Exploit] https://blog.nintechnet.com/wordpress-listingpro-theme-fixed-a-critical-vulnerability/

[Product] https://themeforest.net/item/listingpro-multipurpose-directory-theme/19386460

[Third Party Advisory] https://www.wordfence.com/threat-intel/vulnerabilities/id/b9b21f8e-8d66-4d3e-a383-bea20a3c4498?source=cve

Scores

CVSS v3 5.3

EPSS 0.2069

EPSS Percentile 95.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Details

VulnCheck KEV 2025-10-27

CWE

CWE-200

Status published

Products (2)

None/ListingPro - WordPress Directory & Listing Theme < 2.6.1

cridio/listingpro < 2.6.1

Published Jun 07, 2023

Tracked Since Feb 18, 2026