12 matches found
CVE-2019-19540
CVE-2019-19540 affects the ListingPro WordPress Directory Theme prior to v2.0.14.2. The vulnerability is a Reflected XSS via the “What” field on the homepage, arising from insufficient input validation. The impact is documentable as a cross-site scripting flaw, with multiple sources confirming th...
CVE-2019-19542
CVE-2019-19542 affects the ListingPro WordPress Directory Theme prior to v2.0.14.2, where a Persistent XSS vulnerability exists via the Good For field on the new listing submit page. Multiple sources (NVD, Red Hat, CNVD/WPVulndb, CVE.org) confirm a stored/reflected cross-site scripting flaw in Li...
CVE-2019-19541
CVE-2019-19541 affects the ListingPro WordPress Directory Theme prior to v2.0.14.2, exposing a persistent XSS vulnerability via the Best Day/Night field on the new listing submit page. Public details in connected records describe the vulnerable input fields and the exploit path, including known P...
CVE-2024-39619
CVE-2024-39619 is a Path Traversal vulnerability in ListingPro (WordPress plugin/theme project) that allows PHP Local File Inclusion. Affected: ListingPro listing plugin versions up to 2.9.3 (and related listings in patch sources). Root cause per sources: improper limitation of a pathname to a re...
CVE-2024-39620
CVE-2024-39620 is the WordPress ListingPro plugin SQL Injection vulnerability (ListingPro
CVE-2024-39622
CVE-2024-39622 is an unauthenticated SQL injection in the WordPress ListingPro theme (and ListingPro Plugin entries) affecting versions up to 2.9.4; root cause is improper neutralization of SQL elements. Patch status across sources shows a fix in 2.9.5 (ListingPro theme) and related updates; unpa...
CVE-2024-39623
CVE-2024-39623 is a CSRF-to-authentication-bypass/vulnerability affecting the ListingPro WordPress theme (ListingPro:
CVE-2020-36719
CVE-2020-36719 concerns ListingPro (WordPress Directory & Listing Theme) prior to version 2.6.1. The root cause is a missing capability check in the lp_cc_addons_actions function, allowing unauthenticated attackers to arbitrarily install, activate, and deactivate plugins. Documented impacts inclu...
CVE-2024-39624
CVE-2024-39624: WordPress ListingPro Listing Theme
CVE-2024-38795
CVE-2024-38795 affects ListingPro Plugin for WordPress (versions
CVE-2024-39621
CVE-2024-39621 describes a path traversal vulnerability in ListingPro (WordPress plugin) that allows PHP local file inclusion in versions up to 2.9.3. Multiple connected sources confirm the issue originates from improper pathname limitation, enabling access to restricted directories and potential...
CVE-2020-36723
CVE-2020-36723 affects ListingPro — WordPress Directory & Listing Theme. Versions prior to 2.6.1 are vulnerable to sensitive data exposure via the ~/listingpro-plugin/functions.php file, allowing unauthenticated attackers to extract usernames, full names, email addresses, phone numbers, physical ...