Listingpro

listingpro

Vendor: Cridio • 12 CVEs

CVEs (12)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2024-39623 1Cridio 1Listingpro Apr 23, 2026 Jan 2, 2025 N/A· v4 8.8 HIGH· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in CridioStudio ListingPro listingpro allows Authentication Bypass.This issue affects ListingPro: from n/a through <= 2.9.4.
CVE-2024-39622 1Cridio 1Listingpro Apr 23, 2026 Aug 29, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CridioStudio ListingPro listingpro allows SQL Injection.This issue affects ListingPro: from n/a through <= 2.9.4.
CVE-2024-39620 1Cridio 1Listingpro Apr 23, 2026 Aug 29, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CridioStudio ListingPro listingpro-plugin allows SQL Injection.This issue affects ListingPro: from n/a through <= 2.9....Show more Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CridioStudio ListingPro listingpro-plugin allows SQL Injection.This issue affects ListingPro: from n/a through <= 2.9.4.Show less
CVE-2024-38795 1Cridio 1Listingpro Apr 23, 2026 Aug 29, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CridioStudio ListingPro listingpro-plugin allows SQL Injection.This issue affects ListingPro: from n/a through <= 2.9....Show more Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CridioStudio ListingPro listingpro-plugin allows SQL Injection.This issue affects ListingPro: from n/a through <= 2.9.4.Show less
CVE-2024-39624 1Cridio 1Listingpro Apr 23, 2026 Aug 1, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in CridioStudio ListingPro listingpro allows PHP Local File Inclusion.This issue affects ListingPro: from n/a through <= 2.9.4.
CVE-2024-39621 1Cridio 1Listingpro Apr 23, 2026 Aug 1, 2024 N/A· v4 7.2 HIGH· v3 N/A· v2 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in CridioStudio ListingPro listingpro-plugin allows PHP Local File Inclusion.This issue affects ListingPro: from n/a through <=...Show more Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in CridioStudio ListingPro listingpro-plugin allows PHP Local File Inclusion.This issue affects ListingPro: from n/a through <= 2.9.4.Show less
CVE-2024-39619 1Cridio 1Listingpro Apr 23, 2026 Aug 1, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in CridioStudio ListingPro listingpro-plugin allows PHP Local File Inclusion.This issue affects ListingPro: from n/a through <=...Show more Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in CridioStudio ListingPro listingpro-plugin allows PHP Local File Inclusion.This issue affects ListingPro: from n/a through <= 2.9.4.Show less
CVE-2020-36723 1Cridio 1Listingpro Jun 17, 2026 Jun 7, 2023 N/A· v4 5.3 MEDIUM· v3 N/A· v2 The ListingPro - WordPress Directory & Listing Theme for WordPress is vulnerable to Sensitive Data Exposure in versions before 2.6.1 via the ~/listingpro-plugin/functions.php file. This makes it possible for unauthentica...Show more The ListingPro - WordPress Directory & Listing Theme for WordPress is vulnerable to Sensitive Data Exposure in versions before 2.6.1 via the ~/listingpro-plugin/functions.php file. This makes it possible for unauthenticated attackers to extract sensitive data including usernames, full names, email addresses, phone numbers, physical addresses and user post counts.Show less
CVE-2020-36719 1Cridio 1Listingpro Jun 17, 2026 Jun 7, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 The ListingPro - WordPress Directory & Listing Theme for WordPress is vulnerable to Arbitrary Plugin Installation, Activation and Deactivation in versions before 2.6.1. This is due to a missing capability check on the lp...Show more The ListingPro - WordPress Directory & Listing Theme for WordPress is vulnerable to Arbitrary Plugin Installation, Activation and Deactivation in versions before 2.6.1. This is due to a missing capability check on the lp_cc_addons_actions function. This makes it possible for unauthenticated attackers to arbitrarily install, activate and deactivate any plugin.Show less
CVE-2019-19542 1Cridio 1Listingpro Jun 17, 2026 Dec 26, 2019 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 The ListingPro theme before v2.0.14.2 for WordPress has Persistent XSS via the Good For field on the new listing submit page.
CVE-2019-19541 1Cridio 1Listingpro Jun 17, 2026 Dec 26, 2019 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 The ListingPro theme before v2.0.14.2 for WordPress has Persistent XSS via the Best Day/Night field on the new listing submit page.
CVE-2019-19540 1Cridio 1Listingpro Jun 17, 2026 Dec 26, 2019 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 The ListingPro theme before v2.0.14.2 for WordPress has Reflected XSS via the What field on the homepage.