Cridiostudio Listingpro vulnerabilities
16 known vulnerabilities affecting cridiostudio/listingpro.
Total CVEs: 16
CISA KEV: 0
Public exploits: 0
Exploited in wild: 1
Severity breakdown: CRITICAL 3, HIGH 8, MEDIUM 5
Vulnerabilities
CVE-2025-64377 | P2 | HIGH | CVSS 8.1 | CWE-98 | Exploited | ≤ 2.9.10 | 2025-12-18
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in CridioStudio ListingPro listingpro allows PHP Local File Inclusion. This issue affects ListingPro: from n/a through < 2.9.10.
nvd
CVE-2024-38795 | P2 | CRITICAL | CVSS 9.8 | CWE-89 | ≤ 2.9.4 | 2024-08-29
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CridioStudio ListingPro listingpro-plugin allows SQL Injection. This issue affects ListingPro: from n/a through <= 2.9.4.
nvd
CVE-2024-39622 | P3 | CRITICAL | CVSS 9.8 | CWE-89 | ≤ 2.9.4 | 2024-08-29
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CridioStudio ListingPro listingpro allows SQL Injection. This issue affects ListingPro: from n/a through <= 2.9.4.
nvd
CVE-2024-39619 | P3 | CRITICAL | CVSS 9.8 | CWE-22 | ≤ 2.9.4 | 2024-08-01
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in CridioStudio ListingPro listingpro-plugin allows PHP Local File Inclusion. This issue affects ListingPro: from n/a through <= 2.9.4.
nvd
CVE-2024-39620 | P3 | HIGH | CVSS 8.8 | CWE-89 | ≤ 2.9.4 | 2024-08-29
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CridioStudio ListingPro listingpro-plugin allows SQL Injection. This issue affects ListingPro: from n/a through <= 2.9.4.
nvd
CVE-2024-39624 | P3 | HIGH | CVSS 8.8 | CWE-22 | ≤ 2.9.4 | 2024-08-01
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in CridioStudio ListingPro listingpro allows PHP Local File Inclusion. This issue affects ListingPro: from n/a through <= 2.9.4.
nvd
CVE-2024-39621 | P3 | HIGH | CVSS 7.2 | CWE-22 | ≤ 2.9.4 | 2024-08-01
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in CridioStudio ListingPro listingpro-plugin allows PHP Local File Inclusion. This issue affects ListingPro: from n/a through <= 2.9.4.
nvd
CVE-2024-39623 | P3 | HIGH | CVSS 8.8 | CWE-352 | ≤ 2.9.4 | 2025-01-02
Cross-Site Request Forgery (CSRF) vulnerability in CridioStudio ListingPro listingpro allows Authentication Bypass. This issue affects ListingPro: from n/a through <= 2.9.4.
nvd
CVE-2025-64378 | P3 | HIGH | CVSS 7.1 | CWE-862 | ≤ 2.9.10 | 2025-12-18
Missing Authorization vulnerability in CridioStudio ListingPro listingpro allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ListingPro: from n/a through < 2.9.10.
nvd
CVE-2025-63039 | P3 | MEDIUM | CVSS 6.5 | CWE-862 | ≤ 2.9.9 | 2025-12-18
Missing Authorization vulnerability in CridioStudio ListingPro listingpro allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ListingPro: from n/a through <= 2.9.9.
nvd
CVE-2025-60103 | P4 | MEDIUM | CVSS 5.4 | CWE-862 | ≤ 2.9.8 | 2025-09-26
Missing Authorization vulnerability in CridioStudio ListingPro listingpro-plugin allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ListingPro: from n/a through <= 2.9.8.
nvd
CVE-2026-56046 | P4 | MEDIUM | CVSS 6.5 | CWE-79 | ≥ n/a, ≤ 2.9.11 | 2026-06-26
Subscriber Cross Site Scripting (XSS) in ListingPro <= 2.9.11 versions.
nvd
CVE-2025-63047 | P4 | MEDIUM | CVSS 5.3 | CWE-862 | ≤ 2.9.9 | 2025-12-09
Missing Authorization vulnerability in CridioStudio ListingPro listingpro allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ListingPro: from n/a through <= 2.9.9.
nvd
CVE-2025-64376 | P4 | HIGH | CVSS 7.1 | CWE-79 | ≤ 2.9.10 | 2025-12-18
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CridioStudio ListingPro listingpro allows Reflected XSS. This issue affects ListingPro: from n/a through < 2.9.10.
nvd
CVE-2026-28122 | P4 | HIGH | CVSS 7.1 | CWE-79 | ≤ 2.9.8 | 2026-03-05
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CridioStudio ListingPro listingpro-plugin allows Reflected XSS. This issue affects ListingPro: from n/a through <= 2.9.8.
nvd
CVE-2025-63046 | P4 | MEDIUM | CVSS 6.5 | CWE-79 | ≤ 2.9.9 | 2025-12-09
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CridioStudio ListingPro listingpro-plugin allows DOM-Based XSS. This issue affects ListingPro: from n/a through <= 2.9.9.
nvd