Path Traversal Vulnerability in ListingPro Plugin by CridioStudio
CVE-2024-39619

9CRITICAL

Key Information:

Vendor: WordPress
Status: Listingpro
Vendor: CVE Published:; 1 August 2024

What is CVE-2024-39619?

A path traversal vulnerability in the ListingPro plugin by CridioStudio permits PHP local file inclusion, which can lead to unauthorized access to files on the server. This flaw affects all versions from n/a to 2.9.3, posing a risk of exposing sensitive information and potentially compromising the integrity of affected applications.

Affected Version(s)

ListingPro 0 <= 2.9.4

References

https://patchstack.com/database/Wordpress/Plugin/listingp...

vdb-entry

CVSS V3.1

Score:

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 1, 2024

CVE-2024-39619 Data

JSON

WordPress

What is CVE-2024-39619?

Affected Version(s)

References

CVSS V3.1

Timeline