The ListingPro plugin by CridioStudio suffers from a reflected cross-site scripting vulnerability due to improper input neutralization during web page generation. This vulnerability affects all versions up to 2.9.8. The CVSS 3.1 base score is 7.1, indicating a high severity issue with network attack vector, low attack complexity, no privileges required, user interaction required, scope changed, and impacts on confidentiality, integrity, and availability at a low level. No patch or vendor advisory is currently provided, and the product is not a cloud service.

Successful exploitation of this vulnerability could allow an attacker to execute arbitrary scripts in the context of a victim's browser when they visit a crafted URL or page, potentially leading to partial disclosure of sensitive information, modification of data, or disruption of service. The reflected nature requires user interaction. There are no known active exploits in the wild at this time.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is released, users should consider applying web application firewall (WAF) rules to detect and block reflected XSS attempts and educate users to avoid clicking suspicious links. Monitor vendor channels for updates and patches.