PHP Remote File Inclusion Vulnerability in CridioStudio ListingPro Theme
CVE-2025-64377

Currently unrated

Key Information:

Vendor

WordPress
Status
Listingpro
Vendor
CVE Published:
18 December 2025

What is CVE-2025-64377?

The ListingPro theme by CridioStudio contains a vulnerability that allows an attacker to exploit improper control of filenames during include or require statements. This can lead to PHP Local File Inclusion, enabling unauthorized access to sensitive files on the server. Affected users should update their theme to version 2.9.10 or later to mitigate this security risk.

Affected Version(s)

ListingPro <= n/a

References

https://vdp.patchstack.com/database/Wordpress/Theme/listi...
vdb-entry

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Rafie Muhammad (Patchstack)
JSON
.
CVE-2025-64377 : PHP Remote File Inclusion Vulnerability in CridioStudio ListingPro Theme