Reflected & Persistent XSS was discovered in the «ListingPro - WordPress Directory Theme». Current version is (August 9th 2019). Edit (WPScanTeam): November 29th, 2019 - Envato Informed November 29th, 2019 - Envato Investigating December 4th, 2019 - v2.0.14.3 Released, fixing the reflected XSS but not the stored one. Envato notified again. December 5th, 2019 - v2.0.14.4 released, stored XSS still present. December 5th, 2019 - Envato Confirmed Stored XSS still present. December 12th, 2019 - v2.0.14.5 released, fixing the stored XSS.
Share this page: Sharing Facebook Twitter LinkedIn Copy Text