Vulnerabilities > Stylemixthemes
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-09-30 | CVE-2024-8379 | SQL Injection vulnerability in Stylemixthemes Cost Calculator Builder The Cost Calculator Builder WordPress plugin before 3.2.29 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as Admin. | 7.2 |
| 2024-09-07 | CVE-2024-6010 | Unspecified vulnerability in Stylemixthemes Cost Calculator Builder The Cost Calculator Builder PRO plugin for WordPress is vulnerable to price manipulation in all versions up to, and including, 3.2.1. | 5.3 |
| 2024-08-29 | CVE-2024-43144 | SQL Injection vulnerability in Stylemixthemes Cost Calculator Builder Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in StylemixThemes Cost Calculator Builder allows SQL Injection.This issue affects Cost Calculator Builder: from n/a through 3.2.15. | 9.8 |
| 2024-07-22 | CVE-2024-5973 | Unspecified vulnerability in Stylemixthemes Masterstudy LMS The MasterStudy LMS WordPress Plugin WordPress plugin before 3.3.24 does not prevent students from creating instructor accounts, which could be used to get access to functionalities they shouldn't have. | 8.8 |
| 2024-07-09 | CVE-2024-37090 | SQL Injection vulnerability in Stylemixthemes products Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in StylemixThemes Masterstudy Elementor Widgets, StylemixThemes Consulting Elementor Widgets.This issue affects Masterstudy Elementor Widgets: from n/a through 1.2.2; Consulting Elementor Widgets: from n/a through 1.3.0. | 8.8 |
| 2024-07-02 | CVE-2024-6011 | Cross-site Scripting vulnerability in Stylemixthemes Cost Calculator Builder The Cost Calculator Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘textarea.description’ parameter in all versions up to, and including, 3.2.12 due to insufficient input sanitization and output escaping. | 4.8 |
| 2024-07-02 | CVE-2024-6012 | Missing Authorization vulnerability in Stylemixthemes Cost Calculator Builder The Cost Calculator Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'embed-create-page' and 'embed-insert-pages' functions in all versions up to, and including, 3.2.12. | 4.3 |
| 2024-07-02 | CVE-2024-5545 | Missing Authorization vulnerability in Stylemixthemes Motors - CAR Dealer, Classifieds & Listing The Motors – Car Dealer, Classifieds & Listing plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the stm_edit_delete_user_car function in all versions up to, and including, 1.4.8. | 5.3 |
| 2024-06-24 | CVE-2024-37092 | Path Traversal vulnerability in Stylemixthemes Consulting Elementor Widgets Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in StylemixThemes Consulting Elementor Widgets allows PHP Local File Inclusion.This issue affects Consulting Elementor Widgets: from n/a through 1.3.0. | 8.8 |
| 2024-06-24 | CVE-2024-37089 | Path Traversal vulnerability in Stylemixthemes Consulting Elementor Widgets Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in StylemixThemes Consulting Elementor Widgets allows PHP Local File Inclusion.This issue affects Consulting Elementor Widgets: from n/a through 1.3.0. | 9.8 |