Stylemixthemes CVEs and Security Vulnerabilities

Filtered by vendor Stylemixthemes Subscriptions

Search

Switch to Advanced Search (Beta)

Total 56 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2022-0441	1 Stylemixthemes	1 Masterstudy Lms	2024-11-21	9.8 Critical
The MasterStudy LMS WordPress plugin before 2.7.6 does to validate some parameters given when registering a new account, allowing unauthenticated users to register as an admin
CVE-2021-36880	1 Stylemixthemes	1 Ulisting	2024-11-21	8.6 High
Unauthenticated SQL Injection (SQLi) vulnerability in WordPress uListing plugin (versions <= 2.0.3), vulnerable parameter: custom.
CVE-2021-36879	1 Stylemixthemes	1 Ulisting	2024-11-21	9.8 Critical
Unauthenticated Privilege Escalation vulnerability in WordPress uListing plugin (versions <= 2.0.5). Possible if WordPress configuration allows user registration.
CVE-2021-36878	1 Stylemixthemes	1 Ulisting	2024-11-21	4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in WordPress uListing plugin (versions <= 2.0.5) makes it possible for attackers to update settings.
CVE-2021-36877	1 Stylemixthemes	1 Ulisting	2024-11-21	4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in WordPress uListing plugin (versions <= 2.0.5) makes it possible for attackers to modify user roles.
CVE-2021-36876	1 Stylemixthemes	1 Ulisting	2024-11-21	5.4 Medium
Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in WordPress uListing plugin (versions <= 2.0.5) as it lacks CSRF checks on plugin administration pages.
CVE-2021-36875	1 Stylemixthemes	1 Ulisting	2024-11-21	4.8 Medium
Authenticated Reflected Cross-Site Scripting (XSS) vulnerability in WordPress uListing plugin (versions <= 2.0.5). Vulnerable parameters: &filter[id], &filter[user], &filter[expired_date], &filter[created_date], &filter[updated_date].
CVE-2021-36874	1 Stylemixthemes	1 Ulisting	2024-11-21	7.1 High
Authenticated Insecure Direct Object References (IDOR) vulnerability in WordPress uListing plugin (versions <= 2.0.5).
CVE-2019-17229	1 Stylemixthemes	1 Motors - Car Dealer\, Classifieds \& Listing	2024-11-21	6.1 Medium
includes/options.php in the motors-car-dealership-classified-listings (aka Motors - Car Dealer & Classified Ads) plugin through 1.4.0 for WordPress has multiple stored XSS issues.
CVE-2019-17228	1 Stylemixthemes	1 Motors - Car Dealer\, Classifieds \& Listing	2024-11-21	6.5 Medium
includes/options.php in the motors-car-dealership-classified-listings (aka Motors - Car Dealer & Classified Ads) plugin through 1.4.0 for WordPress allows unauthenticated options changes.
CVE-2024-37269	1 Stylemixthemes	1 Masterstudy Elementor Widgets	2024-11-01	5.3 Medium
Missing Authorization vulnerability in StylemixThemes Masterstudy Elementor Widgets allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Masterstudy Elementor Widgets: from n/a through 1.2.2.
CVE-2024-6010	1 Stylemixthemes	2 Cost Calculator Builder, Cost Calculator Builder Pro	2024-10-28	5.3 Medium
The Cost Calculator Builder PRO plugin for WordPress is vulnerable to price manipulation in all versions up to, and including, 3.2.1. This is due to the plugin allowing the price field to be manipulated prior to processing via the 'create_cc_order' function, called from the Cost Calculator Builder plugin. This makes it possible for unauthenticated attackers to manipulate the price of orders submitted via the calculator. Note: this vulnerability was partially patched with the release of Cost Calculator Builder version 3.2.17.
CVE-2024-47344	1 Stylemixthemes	1 Ulisting	2024-10-07	5.3 Medium
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in StylemixThemes uListing.This issue affects uListing: from n/a through 2.1.5.
CVE-2024-8379	1 Stylemixthemes	1 Cost Calculator Builder	2024-10-07	7.2 High
The Cost Calculator Builder WordPress plugin before 3.2.29 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as Admin.
CVE-2024-43990	1 Stylemixthemes	1 Masterstudy Lms	2024-09-26	5.3 Medium
Insertion of Sensitive Information into Log File vulnerability in StylemixThemes Masterstudy LMS Starter.This issue affects Masterstudy LMS Starter: from n/a through 1.1.8.
CVE-2024-43144	1 Stylemixthemes	1 Cost Calculator Builder	2024-09-19	9.3 Critical
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in StylemixThemes Cost Calculator Builder allows SQL Injection.This issue affects Cost Calculator Builder: from n/a through 3.2.15.

« first previous Page 3 of 3.