The ListingPro - WordPress Directory & Listing Theme for WordPress is vulnerable to Arbitrary Plugin Installation, Activation and Deactivation in versions before 2.6.1. This is due to a missing capability check on the lp_cc_addons_actions function. This makes it possible for unauthenticated...
9.8CVSS
9.1AI Score
0.003EPSS
The ListingPro - WordPress Directory & Listing Theme for WordPress is vulnerable to Sensitive Data Exposure in versions before 2.6.1 via the ~/listingpro-plugin/functions.php file. This makes it possible for unauthenticated attackers to extract sensitive data including usernames, full names, email....
5.3CVSS
5AI Score
0.001EPSS
The ListingPro theme before v2.0.14.2 for WordPress has Reflected XSS via the What field on the...
6.1CVSS
6AI Score
0.001EPSS
The ListingPro theme before v2.0.14.2 for WordPress has Persistent XSS via the Best Day/Night field on the new listing submit...
5.4CVSS
5.3AI Score
0.001EPSS
The ListingPro theme before v2.0.14.2 for WordPress has Persistent XSS via the Good For field on the new listing submit...
5.4CVSS
5.3AI Score
0.001EPSS