Access Control Vulnerability in ListingPro by CridioStudio
CVE-2025-64378

Currently unrated

Key Information:

Vendor

WordPress
Status
Listingpro
Vendor
CVE Published:
18 December 2025

What is CVE-2025-64378?

A missing authorization vulnerability in ListingPro by CridioStudio allows attackers to exploit incorrectly configured access control security levels. This vulnerability affects all versions from n/a up to and including 2.9.10. Without adequate access controls implemented, unauthorized users could gain access to restricted areas and functionalities, potentially leading to unauthorized data exposure or manipulation.

Affected Version(s)

ListingPro <= n/a

References

https://vdp.patchstack.com/database/Wordpress/Theme/listi...
vdb-entry

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Rafie Muhammad (Patchstack)
JSON
.
CVE-2025-64378 : Access Control Vulnerability in ListingPro by CridioStudio