Cridio Listingpro
12 CVEs affecting Cridio Listingpro. Latest disclosed: 2025-01-02. Critical: 4, High: 4.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2020-36719 | Critical | 9.8 | 2023-06-07 | The ListingPro - WordPress Directory & Listing Theme for WordPress is vulnerable to Arbitrary Plugin Installation, Activation and Deactivation in versions befo… |
CVE-2024-39622 | Critical | 9.3 | 2024-08-29 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CridioStudio ListingPro listingpro allows SQL Injection.T… |
CVE-2024-38795 | Critical | 9.3 | 2024-08-29 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CridioStudio ListingPro listingpro-plugin allows SQL Inje… |
CVE-2024-39619 | Critical | 9.0 | 2024-08-01 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in CridioStudio ListingPro listingpro-plugin allows PHP Local File… |
CVE-2024-39623 | High | 8.8 | 2025-01-02 | Cross-Site Request Forgery (CSRF) vulnerability in CridioStudio ListingPro listingpro allows Authentication Bypass.This issue affects ListingPro: from n/a thro… |
CVE-2024-39620 | High | 8.5 | 2024-08-29 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CridioStudio ListingPro listingpro-plugin allows SQL Inje… |
CVE-2024-39624 | High | 8.5 | 2024-08-01 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in CridioStudio ListingPro listingpro allows PHP Local File Inclus… |
CVE-2024-39621 | High | 8.0 | 2024-08-01 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in CridioStudio ListingPro listingpro-plugin allows PHP Local File… |
CVE-2019-19540 | Medium | 6.1 | 2019-12-26 | The ListingPro theme before v2.0.14.2 for WordPress has Reflected XSS via the What field on the homepage. |
CVE-2019-19542 | Medium | 5.4 | 2019-12-26 | The ListingPro theme before v2.0.14.2 for WordPress has Persistent XSS via the Good For field on the new listing submit page. |
CVE-2019-19541 | Medium | 5.4 | 2019-12-26 | The ListingPro theme before v2.0.14.2 for WordPress has Persistent XSS via the Best Day/Night field on the new listing submit page. |
CVE-2020-36723 | Medium | 5.3 | 2023-06-07 | The ListingPro - WordPress Directory & Listing Theme for WordPress is vulnerable to Sensitive Data Exposure in versions before 2.6.1 via the ~/listingpro-plugi… |