
CVSS: 6.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

04 Mar 2025 — The Listingo theme for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.2.7. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes. • https://themeforest.net/item/listingo-business-listing-wordpress-directory-theme/20617051 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 10.0 • EPSS: 34% • CPEs: 1 • EXPL: 1

21 Nov 2022 — The Listingo WordPress theme before 3.2.7 does not validate files to be uploaded via an AJAX action available to unauthenticated users, which could allow them to upload arbitrary files and lead to RCE. The Listingo theme for WordPress is vulnerable to arbitrary file uploads due to missin... • https://wpscan.com/vulnerability/e39b59b0-f24f-4de5-a21c-c4de34c3a14f • CWE-434: Unrestricted Upload of File with Dangerous Type •