Cridio: >> Listingpro >> 1.1.10 Security Vulnerabilities
Cross-Site Request Forgery (CSRF) vulnerability in CridioStudio ListingPro allows Authentication Bypass.This issue affects ListingPro: from n/a through 2.9.4.
CVSS Score
8.8
EPSS Score
0.001
Published
2025-01-02
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CridioStudio ListingPro allows SQL Injection.This issue affects ListingPro: from n/a through 2.9.4.
CVSS Score
9.3
EPSS Score
0.006
Published
2024-08-29
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CridioStudio ListingPro allows SQL Injection.This issue affects ListingPro: from n/a through 2.9.4.
CVSS Score
8.5
EPSS Score
0.003
Published
2024-08-29
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CridioStudio ListingPro.This issue affects ListingPro: from n/a through 2.9.4.
CVSS Score
9.3
EPSS Score
0.003
Published
2024-08-29
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in CridioStudio ListingPro allows PHP Local File Inclusion.This issue affects ListingPro: from n/a through 2.9.3.
CVSS Score
8.0
EPSS Score
0.004
Published
2024-08-01
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in CridioStudio ListingPro allows PHP Local File Inclusion.This issue affects ListingPro: from n/a through 2.9.3.
CVSS Score
8.5
EPSS Score
0.004
Published
2024-08-01
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in CridioStudio ListingPro allows PHP Local File Inclusion.This issue affects ListingPro: from n/a through 2.9.3.
CVSS Score
9.0
EPSS Score
0.005
Published
2024-08-01
The ListingPro - WordPress Directory & Listing Theme for WordPress is vulnerable to Arbitrary Plugin Installation, Activation and Deactivation in versions before 2.6.1. This is due to a missing capability check on the lp_cc_addons_actions function. This makes it possible for unauthenticated attackers to arbitrarily install, activate and deactivate any plugin.
CVSS Score
9.8
EPSS Score
0.009
Published
2023-06-07
The ListingPro - WordPress Directory & Listing Theme for WordPress is vulnerable to Sensitive Data Exposure in versions before 2.6.1 via the ~/listingpro-plugin/functions.php file. This makes it possible for unauthenticated attackers to extract sensitive data including usernames, full names, email addresses, phone numbers, physical addresses and user post counts.
CVSS Score
5.3
EPSS Score
0.003
Published
2023-06-07
The ListingPro theme before v2.0.14.2 for WordPress has Reflected XSS via the What field on the homepage.
CVSS Score
6.1
EPSS Score
0.002
Published
2019-12-26
Page 1