cvebase

Cridio Listingpro vulnerabilities

12 known vulnerabilities affecting cridio/listingpro.

Total CVEs: 12
CISA KEV: 0
Public exploits: 2
Exploited in wild: 2
Severity breakdown: CRITICAL 4, HIGH 4, MEDIUM 4

Vulnerabilities

CVE-2020-36719 | P1 | CRITICAL | CVSS 9.8 | Exploited | PoC | ≤ 2.6.1 | 2023-06-07
CWE-862: The ListingPro - WordPress Directory & Listing Theme for WordPress is vulnerable to Arbitrary Plugin Installation, Activation and Deactivation in versions before 2.6.1. This is due to a missing capability check on the lp_cc_addons_actions function. This makes it possible for unauthenticated attackers to arbitrarily install, activate and deactivate
Source: nvd
CVE-2020-36723 | P2 | MEDIUM | CVSS 5.3 | Exploited | PoC | fixed in 2.6.1 | 2023-06-07
CWE-200: The ListingPro - WordPress Directory & Listing Theme for WordPress is vulnerable to Sensitive Data Exposure in versions before 2.6.1 via the ~/listingpro-plugin/functions.php file. This makes it possible for unauthenticated attackers to extract sensitive data including usernames, full names, email addresses, phone numbers, physical addresses and use
Source: nvd
CVE-2024-38795 | P2 | CRITICAL | CVSS 9.8 | ≤ 2.9.4 | 2024-08-29
CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CridioStudio ListingPro listingpro-plugin allows SQL Injection. This issue affects ListingPro: from n/a through <= 2.9.4.
Source: nvd
CVE-2024-39622 | P3 | CRITICAL | CVSS 9.8 | ≤ 2.9.4 | 2024-08-29
CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CridioStudio ListingPro listingpro allows SQL Injection. This issue affects ListingPro: from n/a through <= 2.9.4.
Source: nvd
CVE-2024-39619 | P3 | CRITICAL | CVSS 9.8 | fixed in 2.9.5 | 2024-08-01
CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in CridioStudio ListingPro listingpro-plugin allows PHP Local File Inclusion. This issue affects ListingPro: from n/a through <= 2.9.4.
Source: nvd
CVE-2024-39620 | P3 | HIGH | CVSS 8.8 | ≤ 2.9.4 | 2024-08-29
CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CridioStudio ListingPro listingpro-plugin allows SQL Injection. This issue affects ListingPro: from n/a through <= 2.9.4.
Source: nvd
CVE-2024-39624 | P3 | HIGH | CVSS 8.8 | fixed in 2.9.5 | 2024-08-01
CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in CridioStudio ListingPro listingpro allows PHP Local File Inclusion. This issue affects ListingPro: from n/a through <= 2.9.4.
Source: nvd
CVE-2024-39621 | P3 | HIGH | CVSS 7.2 | fixed in 2.9.5 | 2024-08-01
CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in CridioStudio ListingPro listingpro-plugin allows PHP Local File Inclusion. This issue affects ListingPro: from n/a through <= 2.9.4.
Source: nvd
CVE-2024-39623 | P3 | HIGH | CVSS 8.8 | fixed in 2.9.5 | 2025-01-02
CWE-352: Cross-Site Request Forgery (CSRF) vulnerability in CridioStudio ListingPro listingpro allows Authentication Bypass. This issue affects ListingPro: from n/a through <= 2.9.4.
Source: nvd
CVE-2019-19540 | P4 | MEDIUM | CVSS 6.1 | fixed in 2.0.14.2 | 2019-12-26
CWE-79: The ListingPro theme before v2.0.14.2 for WordPress has Reflected XSS via the What field on the homepage.
Source: nvd
CVE-2019-19541 | P4 | MEDIUM | CVSS 5.4 | fixed in 2.0.14.2 | 2019-12-26
CWE-79: The ListingPro theme before v2.0.14.2 for WordPress has Persistent XSS via the Best Day/Night field on the new listing submit page.
Source: nvd
CVE-2019-19542 | P4 | MEDIUM | CVSS 5.4 | fixed in 2.0.14.2 | 2019-12-26
CWE-79: The ListingPro theme before v2.0.14.2 for WordPress has Persistent XSS via the Good For field on the new listing submit page.
Source: nvd