Lucene search
+L
CridioListingpro

12 matches found

CVE
CVE
added 2019/12/26 2:33 p.m.85 views

CVE-2019-19540

CVE-2019-19540 affects the ListingPro WordPress Directory Theme prior to v2.0.14.2. The vulnerability is a Reflected XSS via the “What” field on the homepage, arising from insufficient input validation. The impact is documentable as a cross-site scripting flaw, with multiple sources confirming th...

6.1CVSS6AI score0.00934EPSS
CVE
CVE
added 2019/12/26 2:33 p.m.77 views

CVE-2019-19542

CVE-2019-19542 affects the ListingPro WordPress Directory Theme prior to v2.0.14.2, where a Persistent XSS vulnerability exists via the Good For field on the new listing submit page. Multiple sources (NVD, Red Hat, CNVD/WPVulndb, CVE.org) confirm a stored/reflected cross-site scripting flaw in Li...

5.4CVSS5.3AI score0.00717EPSS
CVE
CVE
added 2019/12/26 2:33 p.m.72 views

CVE-2019-19541

CVE-2019-19541 affects the ListingPro WordPress Directory Theme prior to v2.0.14.2, exposing a persistent XSS vulnerability via the Best Day/Night field on the new listing submit page. Public details in connected records describe the vulnerable input fields and the exploit path, including known P...

5.4CVSS5.3AI score0.00717EPSS
Web
CVE
CVE
added 2024/08/01 8:44 p.m.67 views

CVE-2024-39619

CVE-2024-39619 is a Path Traversal vulnerability in ListingPro (WordPress plugin/theme project) that allows PHP Local File Inclusion. Affected: ListingPro listing plugin versions up to 2.9.3 (and related listings in patch sources). Root cause per sources: improper limitation of a pathname to a re...

9.8CVSS5.9AI score0.00553EPSS
CVE
CVE
added 2024/08/29 2:14 p.m.65 views

CVE-2024-39620

CVE-2024-39620 is the WordPress ListingPro plugin SQL Injection vulnerability (ListingPro

8.8CVSS5.9AI score0.00445EPSS
CVE
CVE
added 2024/08/29 2:18 p.m.65 views

CVE-2024-39622

CVE-2024-39622 is an unauthenticated SQL injection in the WordPress ListingPro theme (and ListingPro Plugin entries) affecting versions up to 2.9.4; root cause is improper neutralization of SQL elements. Patch status across sources shows a fix in 2.9.5 (ListingPro theme) and related updates; unpa...

9.8CVSS5.9AI score0.00462EPSS
CVE
CVE
added 2025/01/02 12:56 p.m.65 views

CVE-2024-39623

CVE-2024-39623 is a CSRF-to-authentication-bypass/vulnerability affecting the ListingPro WordPress theme (ListingPro:

8.8CVSS5.9AI score0.00279EPSS
CVE
CVE
added 2023/06/07 1:51 a.m.63 views

CVE-2020-36719

CVE-2020-36719 concerns ListingPro (WordPress Directory & Listing Theme) prior to version 2.6.1. The root cause is a missing capability check in the lp_cc_addons_actions function, allowing unauthenticated attackers to arbitrarily install, activate, and deactivate plugins. Documented impacts inclu...

9.8CVSS9.1AI score0.04304EPSS
CVE
CVE
added 2024/08/01 8:40 p.m.63 views

CVE-2024-39624

CVE-2024-39624: WordPress ListingPro Listing Theme

8.8CVSS5.9AI score0.00525EPSS
CVE
CVE
added 2024/08/29 2:8 p.m.61 views

CVE-2024-38795

CVE-2024-38795 affects ListingPro Plugin for WordPress (versions

9.8CVSS5.9AI score0.00462EPSS
CVE
CVE
added 2024/08/01 8:42 p.m.56 views

CVE-2024-39621

CVE-2024-39621 describes a path traversal vulnerability in ListingPro (WordPress plugin) that allows PHP local file inclusion in versions up to 2.9.3. Multiple connected sources confirm the issue originates from improper pathname limitation, enabling access to restricted directories and potential...

8CVSS5.9AI score0.00521EPSS
CVE
CVE
added 2023/06/07 1:51 a.m.44 views

CVE-2020-36723

CVE-2020-36723 affects ListingPro — WordPress Directory & Listing Theme. Versions prior to 2.6.1 are vulnerable to sensitive data exposure via the ~/listingpro-plugin/functions.php file, allowing unauthenticated attackers to extract usernames, full names, email addresses, phone numbers, physical ...

5.3CVSS5AI score0.01608EPSS
In wild