CVE-2020-36723

nvd nist nuclei

Published: Jun 7, 2023Modified: Jun 17, 2026

5.3

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Exploitability: 3.9 / Impact: 1.4

Source: NVD

Description

The ListingPro - WordPress Directory & Listing Theme for WordPress is vulnerable to Sensitive Data Exposure in versions before 2.6.1 via the ~/listingpro-plugin/functions.php file. This makes it possible for unauthenticated attackers to extract sensitive data including usernames, full names, email addresses, phone numbers, physical addresses and user post counts.

Affected (1)

Products: Cridio: Listingpro

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Cridio Listingpro	Before 2.6.1

Related CWEs

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (6)

https://blog.nintechnet.com/wordpress-listingpro-theme-fixed-a-critical-vulnerability/

Source: security@wordfence.com

Exploit

https://themeforest.net/item/listingpro-multipurpose-directory-theme/19386460

Source: security@wordfence.com

Product

https://www.wordfence.com/threat-intel/vulnerabilities/id/b9b21f8e-8d66-4d3e-a383-bea20a3c4498?source=cve

Source: security@wordfence.com

Third Party Advisory

https://blog.nintechnet.com/wordpress-listingpro-theme-fixed-a-critical-vulnerability/

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

https://themeforest.net/item/listingpro-multipurpose-directory-theme/19386460

Source: af854a3a-2127-422b-91ae-364da2661108

Product

https://www.wordfence.com/threat-intel/vulnerabilities/id/b9b21f8e-8d66-4d3e-a383-bea20a3c4498?source=cve

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.