cridio CVE Vulnerabilities & Metrics

Focus on cridio vulnerabilities and metrics.

Last updated: 08 Mar 2025, 23:25 UTC

About cridio Security Exposure

This page consolidates all known Common Vulnerabilities and Exposures (CVEs) associated with cridio. We track both calendar-based metrics (using fixed periods) and rolling metrics (using gliding windows) to give you a comprehensive view of security trends and risk evolution. Use these insights to assess risk and plan your patching strategy.

For a broader perspective on cybersecurity threats, explore the comprehensive list of CVEs by vendor and product. Stay updated on critical vulnerabilities affecting major software and hardware providers.

Global CVE Overview

Total cridio CVEs: 9
Earliest CVE date: 26 Dec 2019, 15:15 UTC
Latest CVE date: 29 Aug 2024, 15:15 UTC

Latest CVE reference: CVE-2024-39622

Rolling Stats

30-day Count (Rolling): 0
365-day Count (Rolling): 4

Calendar-based Variation

Calendar-based Variation compares a fixed calendar period (e.g., this month versus the same month last year), while Rolling Growth Rate uses a continuous window (e.g., last 30 days versus the previous 30 days) to capture trends independent of calendar boundaries.

Variations & Growth

Month Variation (Calendar): 0%
Year Variation (Calendar): 100.0%

Month Growth Rate (30-day Rolling): 0.0%
Year Growth Rate (365-day Rolling): 100.0%

Monthly CVE Trends (current vs previous Year)

Annual CVE Trends (Last 20 Years)

Critical cridio CVEs (CVSS ≥ 9) Over 20 Years

CVSS Stats

Average CVSS: 1.26

Max CVSS: 4.3

Critical CVEs (≥9): 0

CVSS Range vs. Count

Range	Count
0.0-3.9	8
4.0-6.9	1
7.0-8.9	0
9.0-10.0	0

CVSS Distribution Chart

Top 5 Highest CVSS cridio CVEs

These are the five CVEs with the highest CVSS scores for cridio, sorted by severity first and recency.

CVE-2019-19540 cridio Published on 26 Dec 2019, 15:15 UTC (CVSS: 4.3)
The ListingPro theme before v2.0.14.2 for WordPress has Reflected XSS via the What field on the homepage.
CVE-2019-19542 cridio Published on 26 Dec 2019, 15:15 UTC (CVSS: 3.5)
The ListingPro theme before v2.0.14.2 for WordPress has Persistent XSS via the Good For field on the new listing submit page.
CVE-2019-19541 cridio Published on 26 Dec 2019, 15:15 UTC (CVSS: 3.5)
The ListingPro theme before v2.0.14.2 for WordPress has Persistent XSS via the Best Day/Night field on the new listing submit page.
CVE-2024-39622 cridio Published on 29 Aug 2024, 15:15 UTC (CVSS: 0)
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CridioStudio ListingPro.This issue affects ListingPro: from n/a through 2.9.4.
CVE-2024-39620 cridio Published on 29 Aug 2024, 15:15 UTC (CVSS: 0)
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CridioStudio ListingPro allows SQL Injection.This issue affects ListingPro: from n/a through 2.9.4.

All CVEs for cridio

CVE-2024-39622 cridio vulnerability CVSS: 0 29 Aug 2024, 15:15 UTC

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CridioStudio ListingPro.This issue affects ListingPro: from n/a through 2.9.4.

CVE-2024-39620 cridio vulnerability CVSS: 0 29 Aug 2024, 15:15 UTC

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CridioStudio ListingPro allows SQL Injection.This issue affects ListingPro: from n/a through 2.9.4.

CVE-2024-38795 cridio vulnerability CVSS: 0 29 Aug 2024, 15:15 UTC

CVE-2024-39624 cridio vulnerability CVSS: 0 01 Aug 2024, 21:15 UTC

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in CridioStudio ListingPro allows PHP Local File Inclusion.This issue affects ListingPro: from n/a through 2.9.3.

CVE-2020-36723 cridio vulnerability CVSS: 0 07 Jun 2023, 02:15 UTC

The ListingPro - WordPress Directory & Listing Theme for WordPress is vulnerable to Sensitive Data Exposure in versions before 2.6.1 via the ~/listingpro-plugin/functions.php file. This makes it possible for unauthenticated attackers to extract sensitive data including usernames, full names, email addresses, phone numbers, physical addresses and user post counts.

CVE-2020-36719 cridio vulnerability CVSS: 0 07 Jun 2023, 02:15 UTC

The ListingPro - WordPress Directory & Listing Theme for WordPress is vulnerable to Arbitrary Plugin Installation, Activation and Deactivation in versions before 2.6.1. This is due to a missing capability check on the lp_cc_addons_actions function. This makes it possible for unauthenticated attackers to arbitrarily install, activate and deactivate any plugin.

CVE-2019-19542 cridio vulnerability CVSS: 3.5 26 Dec 2019, 15:15 UTC

The ListingPro theme before v2.0.14.2 for WordPress has Persistent XSS via the Good For field on the new listing submit page.

CVE-2019-19541 cridio vulnerability CVSS: 3.5 26 Dec 2019, 15:15 UTC

The ListingPro theme before v2.0.14.2 for WordPress has Persistent XSS via the Best Day/Night field on the new listing submit page.

CVE-2019-19540 cridio vulnerability CVSS: 4.3 26 Dec 2019, 15:15 UTC

The ListingPro theme before v2.0.14.2 for WordPress has Reflected XSS via the What field on the homepage.