Reflected & Persistent XSS was discovered in the «ListingPro - WordPress Directory Theme». Current version is 126.96.36.199 (August 9th 2019). Edit (WPScanTeam): November 29th, 2019 - Envato Informed November 29th, 2019 - Envato Investigating December 4th, 2019 - v188.8.131.52 Released, fixing the reflected XSS but not the stored one. Envato notified again. December 5th, 2019 - v184.108.40.206 released, stored XSS still present. December 5th, 2019 - Envato Confirmed Stored XSS still present. December 12th, 2019 - v220.127.116.11 released, fixing the stored XSS.