Cross-Site Scripting Vulnerability in CridioStudio ListingPro Plugin
CVE-2025-63046
6.5MEDIUM
What is CVE-2025-63046?
The CridioStudio ListingPro plugin is vulnerable to an XSS attack due to improper handling of user inputs during web page generation. This vulnerability allows attackers to inject malicious scripts, which can be executed in the context of users' browsers, potentially leading to unauthorized actions or data exposure. Versions affected include ListingPro version 2.9.9 and earlier.
Affected Version(s)
ListingPro <= n/a
References
CVSS V3.1
Score:
6.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
João Pedro S Alcântara (Kinorth) | Patchstack Bug Bounty Program