ByteOS

Assigner-Patchstack

CVSS Score-8.8||HIGH

EPSS-0.14% / 33.76%

||

7 Day CHG~0.00%

Published-02 Jan, 2025 | 12:56

Updated-28 Apr, 2026 | 16:10

WordPress ListingPro theme <= 2.9.4 - Cross Site Request Forgery (CSRF) to Account Takeover vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in CridioStudio ListingPro listingpro allows Authentication Bypass.This issue affects ListingPro: from n/a through <= 2.9.4.

Vendor-cridio CridioStudio

Product-listingpro ListingPro

CWE ID-CWE-352

Cross-Site Request Forgery (CSRF)

CVE-2024-39622

Assigner-Patchstack

Assigner-Patchstack

CVSS Score-9.3||CRITICAL

EPSS-0.41% / 61.75%

||

7 Day CHG~0.00%

Published-29 Aug, 2024 | 14:18

Updated-28 Apr, 2026 | 16:10

WordPress ListingPro theme <= 2.9.4 - Unauthenticated SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CridioStudio ListingPro listingpro allows SQL Injection.This issue affects ListingPro: from n/a through <= 2.9.4.

CWE ID-CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2024-39620

Assigner-Patchstack

Assigner-Patchstack

CVSS Score-8.5||HIGH

EPSS-0.57% / 69.08%

||

7 Day CHG~0.00%

Published-29 Aug, 2024 | 14:14

Updated-28 Apr, 2026 | 16:10

WordPress ListingPro plugin <= 2.9.4 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CridioStudio ListingPro listingpro-plugin allows SQL Injection.This issue affects ListingPro: from n/a through <= 2.9.4.

Vendor-cridio CridioStudio

Product-listingpro ListingPro

CWE ID-CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2024-38795

Assigner-Patchstack

Assigner-Patchstack

CVSS Score-9.3||CRITICAL

EPSS-0.73% / 72.98%

||

7 Day CHG~0.00%

Published-29 Aug, 2024 | 14:08

Updated-28 Apr, 2026 | 16:10

WordPress ListingPro plugin <= 2.9.4 - Unauthenticated SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CridioStudio ListingPro listingpro-plugin allows SQL Injection.This issue affects ListingPro: from n/a through <= 2.9.4.

CWE ID-CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2024-39619

Assigner-Patchstack

Assigner-Patchstack

CVSS Score-9||CRITICAL

EPSS-1.66% / 82.42%

||

7 Day CHG~0.00%

Published-01 Aug, 2024 | 20:44

Updated-11 May, 2026 | 21:04

WordPress ListingPro plugin <= 2.9.4 - Unauthenticated Local File Inclusion vulnerability

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in CridioStudio ListingPro listingpro-plugin allows PHP Local File Inclusion.This issue affects ListingPro: from n/a through <= 2.9.4.

CWE ID-CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVE-2024-39621

Assigner-Patchstack

Assigner-Patchstack

CVSS Score-8||HIGH

EPSS-1.16% / 78.98%

||

7 Day CHG~0.00%

Published-01 Aug, 2024 | 20:42

Updated-28 Apr, 2026 | 16:10

WordPress ListingPro plugin <= 2.9.4 - Local File Inclusion vulnerability

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in CridioStudio ListingPro listingpro-plugin allows PHP Local File Inclusion.This issue affects ListingPro: from n/a through <= 2.9.4.

CWE ID-CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVE-2024-39624

Assigner-Patchstack

Assigner-Patchstack

CVSS Score-8.5||HIGH

EPSS-1.66% / 82.43%

||

7 Day CHG~0.00%

Published-01 Aug, 2024 | 20:40

Updated-28 Apr, 2026 | 16:10

WordPress ListingPro theme <= 2.9.4 - Local File Inclusion vulnerability

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in CridioStudio ListingPro listingpro allows PHP Local File Inclusion.This issue affects ListingPro: from n/a through <= 2.9.4.

CWE ID-CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVE-2020-36723

Assigner-Wordfence

Assigner-Wordfence

CVSS Score-5.3||MEDIUM

EPSS-20.69% / 95.71%

||

7 Day CHG~0.00%

Published-07 Jun, 2023 | 01:51

Updated-08 Apr, 2026 | 19:17

ListingPro - WordPress Directory & Listing Theme < 2.6.1 - Sensitive Information Disclosure

The ListingPro - WordPress Directory & Listing Theme for WordPress is vulnerable to Sensitive Data Exposure in versions before 2.6.1 via the ~/listingpro-plugin/functions.php file. This makes it possible for unauthenticated attackers to extract sensitive data including usernames, full names, email addresses, phone numbers, physical addresses and user post counts.

Vendor-cridio n/a

Product-listingpro ListingPro - WordPress Directory & Listing Theme

CWE ID-CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

CVE-2020-36719

Assigner-Wordfence

Assigner-Wordfence

CVSS Score-9.8||CRITICAL

EPSS-74.30% / 98.86%

||

7 Day CHG~0.00%

Published-07 Jun, 2023 | 01:51

Updated-08 Apr, 2026 | 18:17

ListingPro - WordPress Directory & Listing Theme < 2.6.1 - Arbitrary Plugin Installation, Activation and Deactivation

The ListingPro - WordPress Directory & Listing Theme for WordPress is vulnerable to Arbitrary Plugin Installation, Activation and Deactivation in versions before 2.6.1. This is due to a missing capability check on the lp_cc_addons_actions function. This makes it possible for unauthenticated attackers to arbitrarily install, activate and deactivate any plugin.

Vendor-cridio n/a

Product-listingpro ListingPro - WordPress Directory & Listing Theme

CWE ID-CWE-862

Missing Authorization

CVE-2019-19540

Assigner-MITRE Corporation