CVE Catalog

CVE-2026-56046

MediumCVSS 6.5
Published: Updated: Translated: NVD NIST

Summary

Cross Site Scripting (XSS) vulnerability in ListingPro plugin versions up to 2.9.11, allowing subscriber-level users to inject malicious JavaScript code.

Risk Assessment

An attacker can steal user sessions, redirect users to malicious sites, or perform other unauthorized actions in the victim's browser context.

Recommendation

It is recommended to immediately update the ListingPro plugin to the latest available version that fixes this vulnerability.

Original NVD description (English source)

Subscriber Cross Site Scripting (XSS) in ListingPro <= 2.9.11 versions.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS