CVE Catalog
CVE-2026-56046
MediumCVSS 6.5Summary
Cross Site Scripting (XSS) vulnerability in ListingPro plugin versions up to 2.9.11, allowing subscriber-level users to inject malicious JavaScript code.
Risk Assessment
An attacker can steal user sessions, redirect users to malicious sites, or perform other unauthorized actions in the victim's browser context.
Recommendation
It is recommended to immediately update the ListingPro plugin to the latest available version that fixes this vulnerability.
Original NVD description (English source)
Subscriber Cross Site Scripting (XSS) in ListingPro <= 2.9.11 versions.

