VYPR

Listingpro

by WordPress

CVEs (7)

  • CVE-2020-36719CriJun 7, 2023
    risk 0.64cvss 9.8epss 0.04

    The ListingPro - WordPress Directory & Listing Theme for WordPress is vulnerable to Arbitrary Plugin Installation, Activation and Deactivation in versions before 2.6.1. This is due to a missing capability check on the lp_cc_addons_actions function. This makes it possible for…

  • CVE-2019-19540MedDec 26, 2019
    risk 0.40cvss 6.1epss 0.01

    The ListingPro theme before v2.0.14.2 for WordPress has Reflected XSS via the What field on the homepage.

  • CVE-2020-36723MedJun 7, 2023
    risk 0.35cvss 5.3epss 0.02

    The ListingPro - WordPress Directory & Listing Theme for WordPress is vulnerable to Sensitive Data Exposure in versions before 2.6.1 via the ~/listingpro-plugin/functions.php file. This makes it possible for unauthenticated attackers to extract sensitive data including…

  • CVE-2019-19542MedDec 26, 2019
    risk 0.35cvss 5.4epss 0.01

    The ListingPro theme before v2.0.14.2 for WordPress has Persistent XSS via the Good For field on the new listing submit page.

  • CVE-2019-19541MedDec 26, 2019
    risk 0.35cvss 5.4epss 0.01

    The ListingPro theme before v2.0.14.2 for WordPress has Persistent XSS via the Best Day/Night field on the new listing submit page.

  • CVE-2025-63047MedDec 9, 2025
    risk 0.34cvss 5.3epss 0.00

    Missing Authorization vulnerability in CridioStudio ListingPro listingpro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ListingPro: from n/a through <= 2.9.9.

  • CVE-2026-39438Jun 16, 2026
    risk 0.00cvss epss 0.00

    Unauthenticated SQL Injection in ListingPro <= 2.9.10 versions.