CVE-2025-63039
Description
Missing Authorization vulnerability in CridioStudio ListingPro listingpro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ListingPro: from n/a through <= 2.9.9.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
ListingPro theme <=2.9.9 has a missing authorization vulnerability allowing unauthenticated attackers to exploit incorrectly configured access controls.
The ListingPro WordPress theme, versions up to and including 2.9.9, is affected by a missing authorization vulnerability. This flaw stems from incorrectly configured access control security levels, which can be exploited by attackers to perform actions that should require higher privileges. [1]
Attackers can exploit this vulnerability without needing any prior authentication or special access, making it possible to target thousands of websites in mass-exploit campaigns. The vulnerability is considered moderately dangerous and is expected to become actively exploited. [1]
Successful exploitation could allow an attacker to bypass intended access restrictions and perform unauthorized actions on the affected site. This could include modifying content, accessing sensitive data, or other administrative operations depending on the specific broken access control issue. [1]
Immediate action is recommended by updating the ListingPro theme to a patched version. If updating is not possible, site owners should consult their hosting provider or web developer for alternative security measures. The vulnerability has been publicly disclosed and is flagged as likely to be targeted by mass exploitation. [1]
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1News mentions
0No linked articles in our index yet.