This vulnerability in ListingPro arises from missing authorization checks, allowing attackers with low privileges to access or perform actions beyond their intended permissions. The issue affects all versions before 2.9.10. The CVSS vector indicates the attack can be performed remotely over the network with low complexity and no user interaction, primarily impacting confidentiality and partially integrity. No patch or official remediation guidance is currently available, and the vendor has not published an advisory or fix at this time.

Successful exploitation could lead to unauthorized access to sensitive information or functionality within the ListingPro plugin, compromising confidentiality and partially affecting data integrity. There is no impact on availability. The vulnerability requires low privileges but no user interaction, making it a significant risk if exploited.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is released, restrict access to the affected ListingPro plugin and monitor for unusual activity related to access control. Avoid granting unnecessary privileges to users interacting with ListingPro.