Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

Listingpro Security Vulnerabilities

cve
cve

CVE-2019-19540

The ListingPro theme before v2.0.14.2 for WordPress has Reflected XSS via the What field on the homepage.

6.1CVSS

6AI Score

0.001EPSS

2019-12-26 03:15 PM
53
cve
cve

CVE-2019-19541

The ListingPro theme before v2.0.14.2 for WordPress has Persistent XSS via the Best Day/Night field on the new listing submit page.

5.4CVSS

5.3AI Score

0.001EPSS

2019-12-26 03:15 PM
50
cve
cve

CVE-2019-19542

The ListingPro theme before v2.0.14.2 for WordPress has Persistent XSS via the Good For field on the new listing submit page.

5.4CVSS

5.3AI Score

0.001EPSS

2019-12-26 03:15 PM
53
cve
cve

CVE-2020-36719

The ListingPro - WordPress Directory & Listing Theme for WordPress is vulnerable to Arbitrary Plugin Installation, Activation and Deactivation in versions before 2.6.1. This is due to a missing capability check on the lp_cc_addons_actions function. This makes it possible for unauthenticated attacke...

9.8CVSS

9.1AI Score

0.003EPSS

2023-06-07 02:15 AM
19
cve
cve

CVE-2020-36723

The ListingPro - WordPress Directory & Listing Theme for WordPress is vulnerable to Sensitive Data Exposure in versions before 2.6.1 via the ~/listingpro-plugin/functions.php file. This makes it possible for unauthenticated attackers to extract sensitive data including usernames, full names, email ...

5.3CVSS

5AI Score

0.001EPSS

2023-06-07 02:15 AM
15
cve
cve

CVE-2024-38795

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CridioStudio ListingPro allows SQL Injection.This issue affects ListingPro: from n/a through 2.9.4.

9.8CVSS

9.7AI Score

0.001EPSS

2024-08-29 03:15 PM
24
cve
cve

CVE-2024-39620

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CridioStudio ListingPro allows SQL Injection.This issue affects ListingPro: from n/a through 2.9.4.

8.8CVSS

8.9AI Score

0.001EPSS

2024-08-29 03:15 PM
24
cve
cve

CVE-2024-39621

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in CridioStudio ListingPro allows PHP Local File Inclusion.This issue affects ListingPro: from n/a through 2.9.3.

8CVSS

8.1AI Score

0.0004EPSS

2024-08-01 09:15 PM
25
cve
cve

CVE-2024-39622

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CridioStudio ListingPro.This issue affects ListingPro: from n/a through 2.9.4.

9.8CVSS

9.7AI Score

0.001EPSS

2024-08-29 03:15 PM
26
cve
cve

CVE-2024-39624

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in CridioStudio ListingPro allows PHP Local File Inclusion.This issue affects ListingPro: from n/a through 2.9.3.

8.5CVSS

8.5AI Score

0.0004EPSS

2024-08-01 09:15 PM
30