Path Traversal Vulnerability in CridioStudio ListingPro by CridioStudio
CVE-2024-39624

8.5HIGH

Key Information:

Vendor: WordPress
Status: Listingpro
Vendor: CVE Published:; 1 August 2024

What is CVE-2024-39624?

A vulnerability in CridioStudio's ListingPro allows for improper limitation of a pathname, leading to potential local file inclusion. This flaw enables attackers to manipulate directory paths, potentially granting unauthorized access to sensitive files on the server. The issue impacts all versions of ListingPro up to and including 2.9.3, highlighting the importance of immediate updates and security measures to safeguard against such intrusions.

Affected Version(s)

ListingPro 0 <= 2.9.4

References

https://patchstack.com/database/Wordpress/Theme/listingpr...

vdb-entry

CVSS V3.1

Score:

8.5

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 1, 2024

CVE-2024-39624 Data

JSON

WordPress

What is CVE-2024-39624?

Affected Version(s)

References

CVSS V3.1

Timeline