CRITICAL
Emraan Cheema
CVE published 2026-06-17
CVE-2026-39438
A critical vulnerability was discovered in the ListingPro plugin, versions up to 2.9.10. This vulnerability allows unauthenticated attackers to inject malicious SQL, potentially leading to data breaches and system compromise. With a CVSS score of 9.3, this issue is considered CRITICAL. The vulnerability was made public on June 17, 2026. Users of the affected plugin versions should take immediate action to [truncated]