CridioStudio ListingPro SQL Injection Vulnerability
CVE-2024-39622

9.8CRITICAL

Key Information:

Vendor: WordPress
Status: Listingpro
Vendor: CVE Published:; 29 August 2024

Summary

The ListingPro product from CridioStudio is impacted by a vulnerability that allows for SQL Injection due to improper neutralization of special elements used in SQL commands. This vulnerability affects versions from release n/a up to and including 2.9.4. Attackers exploiting this flaw may gain unauthorized access to the database, manipulate data, or perform administrative operations, thereby compromising the security and integrity of the application.

Affected Version(s)

ListingPro <= 2.9.4

References

https://patchstack.com/database/vulnerability/listingpro/...

vdb-entry

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 29, 2024
Vulnerability Reserved
Jun 26, 2024

Credit

Rafie Muhammad (Patchstack)