Vulnerabilities > Cridio

DATE CVE VULNERABILITY TITLE RISK
2024-08-29 CVE-2024-38795 SQL Injection vulnerability in Cridio Listingpro
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CridioStudio ListingPro allows SQL Injection.This issue affects ListingPro: from n/a through 2.9.4.
network
low complexity
cridio CWE-89
critical
9.8
2024-08-29 CVE-2024-39620 SQL Injection vulnerability in Cridio Listingpro
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CridioStudio ListingPro allows SQL Injection.This issue affects ListingPro: from n/a through 2.9.4.
network
low complexity
cridio CWE-89
8.8
2024-08-29 CVE-2024-39622 SQL Injection vulnerability in Cridio Listingpro
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CridioStudio ListingPro.This issue affects ListingPro: from n/a through 2.9.4.
network
low complexity
cridio CWE-89
critical
9.8
2023-06-07 CVE-2020-36719 Missing Authorization vulnerability in Cridio Listingpro
The ListingPro - WordPress Directory & Listing Theme for WordPress is vulnerable to Arbitrary Plugin Installation, Activation and Deactivation in versions before 2.6.1.
network
low complexity
cridio CWE-862
critical
9.8
2023-06-07 CVE-2020-36723 Unspecified vulnerability in Cridio Listingpro
The ListingPro - WordPress Directory & Listing Theme for WordPress is vulnerable to Sensitive Data Exposure in versions before 2.6.1 via the ~/listingpro-plugin/functions.php file.
network
low complexity
cridio
5.3
2019-12-26 CVE-2019-19542 Cross-site Scripting vulnerability in Cridio Listingpro
The ListingPro theme before v2.0.14.2 for WordPress has Persistent XSS via the Good For field on the new listing submit page.
network
cridio CWE-79
3.5
2019-12-26 CVE-2019-19541 Cross-site Scripting vulnerability in Cridio Listingpro
The ListingPro theme before v2.0.14.2 for WordPress has Persistent XSS via the Best Day/Night field on the new listing submit page.
network
cridio CWE-79
3.5
2019-12-26 CVE-2019-19540 Cross-site Scripting vulnerability in Cridio Listingpro
The ListingPro theme before v2.0.14.2 for WordPress has Reflected XSS via the What field on the homepage.
network
cridio CWE-79
4.3