Vulnerabilities > Stylemixthemes
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-09-30 | CVE-2024-8379 | SQL Injection vulnerability in Stylemixthemes Cost Calculator Builder The Cost Calculator Builder WordPress plugin before 3.2.29 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as Admin. | 7.2 |
2024-09-07 | CVE-2024-6010 | Unspecified vulnerability in Stylemixthemes Cost Calculator Builder The Cost Calculator Builder PRO plugin for WordPress is vulnerable to price manipulation in all versions up to, and including, 3.2.1. | 5.3 |
2024-08-29 | CVE-2024-43144 | SQL Injection vulnerability in Stylemixthemes Cost Calculator Builder Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in StylemixThemes Cost Calculator Builder allows SQL Injection.This issue affects Cost Calculator Builder: from n/a through 3.2.15. | 9.8 |
2024-07-22 | CVE-2024-5973 | Unspecified vulnerability in Stylemixthemes Masterstudy LMS The MasterStudy LMS WordPress Plugin WordPress plugin before 3.3.24 does not prevent students from creating instructor accounts, which could be used to get access to functionalities they shouldn't have. | 8.8 |
2024-07-09 | CVE-2024-37090 | Unspecified vulnerability in Stylemixthemes products Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in StylemixThemes Masterstudy Elementor Widgets, StylemixThemes Consulting Elementor Widgets.This issue affects Masterstudy Elementor Widgets: from n/a through 1.2.2; Consulting Elementor Widgets: from n/a through 1.3.0. | 8.8 |
2024-07-02 | CVE-2024-6011 | Cross-site Scripting vulnerability in Stylemixthemes Cost Calculator Builder The Cost Calculator Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘textarea.description’ parameter in all versions up to, and including, 3.2.12 due to insufficient input sanitization and output escaping. | 4.8 |
2024-06-24 | CVE-2024-37092 | Unspecified vulnerability in Stylemixthemes Consulting Elementor Widgets Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in StylemixThemes Consulting Elementor Widgets allows PHP Local File Inclusion.This issue affects Consulting Elementor Widgets: from n/a through 1.3.0. | 8.8 |
2024-06-24 | CVE-2024-37089 | Unspecified vulnerability in Stylemixthemes Consulting Elementor Widgets Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in StylemixThemes Consulting Elementor Widgets allows PHP Local File Inclusion.This issue affects Consulting Elementor Widgets: from n/a through 1.3.0. | 9.8 |
2024-06-24 | CVE-2024-37091 | OS Command Injection vulnerability in Stylemixthemes Consulting Elementor Widgets Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in StylemixThemes Consulting Elementor Widgets, StylemixThemes Masterstudy Elementor Widgets allows OS Command Injection.This issue affects Consulting Elementor Widgets: from n/a through 1.3.0; Masterstudy Elementor Widgets: from n/a through 1.2.2. | 8.8 |
2024-06-10 | CVE-2024-35677 | Unspecified vulnerability in Stylemixthemes Mega Menu 2.3.12 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in StylemixThemes MegaMenu allows PHP Local File Inclusion.This issue affects MegaMenu: from n/a through 2.3.12. | 9.8 |