Cridiostudio Listingpro
16 CVEs affecting Cridiostudio Listingpro. Latest disclosed: 2026-06-26. Critical: 3, High: 8.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2024-39622 | Critical | 9.3 | 2024-08-29 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CridioStudio ListingPro listingpro allows SQL Injection.T… |
CVE-2024-38795 | Critical | 9.3 | 2024-08-29 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CridioStudio ListingPro listingpro-plugin allows SQL Inje… |
CVE-2024-39619 | Critical | 9.0 | 2024-08-01 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in CridioStudio ListingPro listingpro-plugin allows PHP Local File… |
CVE-2024-39623 | High | 8.8 | 2025-01-02 | Cross-Site Request Forgery (CSRF) vulnerability in CridioStudio ListingPro listingpro allows Authentication Bypass.This issue affects ListingPro: from n/a thro… |
CVE-2024-39620 | High | 8.5 | 2024-08-29 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CridioStudio ListingPro listingpro-plugin allows SQL Inje… |
CVE-2024-39624 | High | 8.5 | 2024-08-01 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in CridioStudio ListingPro listingpro allows PHP Local File Inclus… |
CVE-2025-64377 | High | 8.1 | 2025-12-18 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in CridioStudio ListingPro listingpro all… |
CVE-2024-39621 | High | 8.0 | 2024-08-01 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in CridioStudio ListingPro listingpro-plugin allows PHP Local File… |
CVE-2026-28122 | High | 7.1 | 2026-03-05 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CridioStudio ListingPro listingpro-plugin allows Reflecte… |
CVE-2025-64378 | High | 7.1 | 2025-12-18 | Missing Authorization vulnerability in CridioStudio ListingPro listingpro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue af… |
CVE-2025-64376 | High | 7.1 | 2025-12-18 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CridioStudio ListingPro listingpro allows Reflected XSS.T… |
CVE-2026-56046 | Medium | 6.5 | 2026-06-26 | Subscriber Cross Site Scripting (XSS) in ListingPro <= 2.9.11 versions. |
CVE-2025-63039 | Medium | 6.5 | 2025-12-18 | Missing Authorization vulnerability in CridioStudio ListingPro listingpro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue af… |
CVE-2025-63046 | Medium | 6.5 | 2025-12-09 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CridioStudio ListingPro listingpro-plugin allows DOM-Base… |
CVE-2025-60103 | Medium | 5.4 | 2025-09-26 | Missing Authorization vulnerability in CridioStudio ListingPro listingpro-plugin allows Exploiting Incorrectly Configured Access Control Security Levels.This i… |
CVE-2025-63047 | Medium | 5.3 | 2025-12-09 | Missing Authorization vulnerability in CridioStudio ListingPro listingpro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue af… |