VYPR

Listeo

by WordPress

CVEs (3)

  • CVE-2025-8413MedOct 25, 2025
    risk 0.42cvss 6.4epss 0.00

    The Listeo theme for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `soundcloud` shortcode in version less than, or equal to, 2.0.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for…

  • CVE-2021-24318MedJun 1, 2021
    risk 0.42cvss 6.5epss 0.01

    The Listeo WordPress theme before 1.6.11 did not ensure that the Post/Page and Booking to delete belong to the user making the request, allowing any authenticated users to delete arbitrary page/post and booking via an IDOR vector.

  • CVE-2021-24317MedJun 1, 2021
    risk 0.40cvss 6.1epss 0.01

    The Listeo WordPress theme before 1.6.11 did not properly sanitise some parameters in its Search, Booking Confirmation and Personal Message pages, leading to Cross-Site Scripting issues