Listingpro
by WordPress
CVEs (7)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-36719 | Cri | 0.64 | 9.8 | 0.04 | Jun 7, 2023 | The ListingPro - WordPress Directory & Listing Theme for WordPress is vulnerable to Arbitrary Plugin Installation, Activation and Deactivation in versions before 2.6.1. This is due to a missing capability check on the lp_cc_addons_actions function. This makes it possible for… | ||
| CVE-2019-19540 | Med | 0.40 | 6.1 | 0.01 | Dec 26, 2019 | The ListingPro theme before v2.0.14.2 for WordPress has Reflected XSS via the What field on the homepage. | ||
| CVE-2020-36723 | Med | 0.35 | 5.3 | 0.02 | Jun 7, 2023 | The ListingPro - WordPress Directory & Listing Theme for WordPress is vulnerable to Sensitive Data Exposure in versions before 2.6.1 via the ~/listingpro-plugin/functions.php file. This makes it possible for unauthenticated attackers to extract sensitive data including… | ||
| CVE-2019-19542 | Med | 0.35 | 5.4 | 0.01 | Dec 26, 2019 | The ListingPro theme before v2.0.14.2 for WordPress has Persistent XSS via the Good For field on the new listing submit page. | ||
| CVE-2019-19541 | Med | 0.35 | 5.4 | 0.01 | Dec 26, 2019 | The ListingPro theme before v2.0.14.2 for WordPress has Persistent XSS via the Best Day/Night field on the new listing submit page. | ||
| CVE-2025-63047 | Med | 0.34 | 5.3 | 0.00 | Dec 9, 2025 | Missing Authorization vulnerability in CridioStudio ListingPro listingpro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ListingPro: from n/a through <= 2.9.9. | ||
| CVE-2026-39438 | 0.00 | — | 0.00 | Jun 16, 2026 | Unauthenticated SQL Injection in ListingPro <= 2.9.10 versions. |
- risk 0.64cvss 9.8epss 0.04
The ListingPro - WordPress Directory & Listing Theme for WordPress is vulnerable to Arbitrary Plugin Installation, Activation and Deactivation in versions before 2.6.1. This is due to a missing capability check on the lp_cc_addons_actions function. This makes it possible for…
- risk 0.40cvss 6.1epss 0.01
The ListingPro theme before v2.0.14.2 for WordPress has Reflected XSS via the What field on the homepage.
- risk 0.35cvss 5.3epss 0.02
The ListingPro - WordPress Directory & Listing Theme for WordPress is vulnerable to Sensitive Data Exposure in versions before 2.6.1 via the ~/listingpro-plugin/functions.php file. This makes it possible for unauthenticated attackers to extract sensitive data including…
- risk 0.35cvss 5.4epss 0.01
The ListingPro theme before v2.0.14.2 for WordPress has Persistent XSS via the Good For field on the new listing submit page.
- risk 0.35cvss 5.4epss 0.01
The ListingPro theme before v2.0.14.2 for WordPress has Persistent XSS via the Best Day/Night field on the new listing submit page.
- risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in CridioStudio ListingPro listingpro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ListingPro: from n/a through <= 2.9.9.
- CVE-2026-39438Jun 16, 2026risk 0.00cvss —epss 0.00
Unauthenticated SQL Injection in ListingPro <= 2.9.10 versions.