Cross-site Scripting Vulnerability in CridioStudio ListingPro Product
CVE-2025-64376

Currently unrated

Key Information:

Vendor

WordPress
Status
Listingpro
Vendor
CVE Published:
18 December 2025

What is CVE-2025-64376?

A Cross-site Scripting (XSS) vulnerability exists in CridioStudio's ListingPro product, allowing attackers to inject malicious scripts into web pages viewed by users. This security flaw can lead to data theft, session hijacking, and other malicious actions if exploited. Affected versions include ListingPro from n/a to versions earlier than 2.9.10. It is crucial for users and administrators to update to the latest version to mitigate potential risks.

Affected Version(s)

ListingPro <= n/a

References

https://vdp.patchstack.com/database/Wordpress/Theme/listi...
vdb-entry

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Rafie Muhammad (Patchstack)
JSON
.
CVE-2025-64376 : Cross-site Scripting Vulnerability in CridioStudio ListingPro Product