Cridio >> Listingpro >> 2.6.1 Security Vulnerabilities
Cross-Site Request Forgery (CSRF) vulnerability in CridioStudio ListingPro allows Authentication Bypass. This issue affects ListingPro: from n/a through 2.9.4.
CVSS Score: 8.8; EPSS Score: 0.001; Published: 2025-01-02
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CridioStudio ListingPro allows SQL Injection. This issue affects ListingPro: from n/a through 2.9.4.
CVSS Score: 9.3; EPSS Score: 0.006; Published: 2024-08-29
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CridioStudio ListingPro allows SQL Injection. This issue affects ListingPro: from n/a through 2.9.4.
CVSS Score: 8.5; EPSS Score: 0.003; Published: 2024-08-29
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CridioStudio ListingPro. This issue affects ListingPro: from n/a through 2.9.4.
CVSS Score: 9.3; EPSS Score: 0.003; Published: 2024-08-29
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in CridioStudio ListingPro allows PHP Local File Inclusion. This issue affects ListingPro: from n/a through 2.9.3.
CVSS Score: 8.0; EPSS Score: 0.004; Published: 2024-08-01
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in CridioStudio ListingPro allows PHP Local File Inclusion. This issue affects ListingPro: from n/a through 2.9.3.
CVSS Score: 8.5; EPSS Score: 0.004; Published: 2024-08-01
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in CridioStudio ListingPro allows PHP Local File Inclusion. This issue affects ListingPro: from n/a through 2.9.3.
CVSS Score: 9.0; EPSS Score: 0.005; Published: 2024-08-01
The ListingPro - WordPress Directory & Listing Theme for WordPress is vulnerable to Arbitrary Plugin Installation, Activation and Deactivation in versions before 2.6.1. This is due to a missing capability check on the lp_cc_addons_actions function. This makes it possible for unauthenticated attackers to arbitrarily install, activate and deactivate any plugin.
CVSS Score: 9.8; EPSS Score: 0.009; Published: 2023-06-07


Shodan ® - All rights reserved