← Back

Listeo

listeo

Vendor: Purethemes • 2 CVEs

CVEs (2)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2021-24318
1Purethemes
1Listeo
Nov 21, 2024
Jun 1, 2021
N/A· v4
6.5 MEDIUM· v3
5.5 MEDIUM· v2
The Listeo WordPress theme before 1.6.11 did not ensure that the Post/Page and Booking to delete belong to the user making the request, allowing any authenticated users to delete arbitrary page/post and booking via an ID...Show more
The Listeo WordPress theme before 1.6.11 did not ensure that the Post/Page and Booking to delete belong to the user making the request, allowing any authenticated users to delete arbitrary page/post and booking via an IDOR vector.Show less
CVE-2021-24317
1Purethemes
1Listeo
Nov 21, 2024
Jun 1, 2021
N/A· v4
6.1 MEDIUM· v3
4.3 MEDIUM· v2
The Listeo WordPress theme before 1.6.11 did not properly sanitise some parameters in its Search, Booking Confirmation and Personal Message pages, leading to Cross-Site Scripting issues