Reflected & Persistent XSS was discovered in the «ListingPro - WordPress Directory Theme». Current version is 18.104.22.168 (August 9th 2019). Edit (WPScanTeam): November 29th, 2019 - Envato Informed November 29th, 2019 - Envato Investigating December 4th, 2019 - v22.214.171.124 Released, fixing the reflected XSS but not the stored one. Envato notified again. December 5th, 2019 - v126.96.36.199 released, stored XSS still present. December 5th, 2019 - Envato Confirmed Stored XSS still present. December 12th, 2019 - v188.8.131.52 released, fixing the stored XSS.