Vulnerabilities > Stylemixthemes

DATE CVE VULNERABILITY TITLE RISK
2024-09-30 CVE-2024-8379 SQL Injection vulnerability in Stylemixthemes Cost Calculator Builder
The Cost Calculator Builder WordPress plugin before 3.2.29 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as Admin.
network
low complexity
stylemixthemes CWE-89
7.2
2024-09-07 CVE-2024-6010 Unspecified vulnerability in Stylemixthemes Cost Calculator Builder
The Cost Calculator Builder PRO plugin for WordPress is vulnerable to price manipulation in all versions up to, and including, 3.2.1.
network
low complexity
stylemixthemes
5.3
2024-08-29 CVE-2024-43144 SQL Injection vulnerability in Stylemixthemes Cost Calculator Builder
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in StylemixThemes Cost Calculator Builder allows SQL Injection.This issue affects Cost Calculator Builder: from n/a through 3.2.15.
network
low complexity
stylemixthemes CWE-89
critical
9.8
2024-07-22 CVE-2024-5973 Unspecified vulnerability in Stylemixthemes Masterstudy LMS
The MasterStudy LMS WordPress Plugin WordPress plugin before 3.3.24 does not prevent students from creating instructor accounts, which could be used to get access to functionalities they shouldn't have.
network
low complexity
stylemixthemes
8.8
2024-07-09 CVE-2024-37090 Unspecified vulnerability in Stylemixthemes products
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in StylemixThemes Masterstudy Elementor Widgets, StylemixThemes Consulting Elementor Widgets.This issue affects Masterstudy Elementor Widgets: from n/a through 1.2.2; Consulting Elementor Widgets: from n/a through 1.3.0.
network
low complexity
stylemixthemes
8.8
2024-07-02 CVE-2024-6011 Cross-site Scripting vulnerability in Stylemixthemes Cost Calculator Builder
The Cost Calculator Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘textarea.description’ parameter in all versions up to, and including, 3.2.12 due to insufficient input sanitization and output escaping.
network
low complexity
stylemixthemes CWE-79
4.8
2024-06-24 CVE-2024-37092 Unspecified vulnerability in Stylemixthemes Consulting Elementor Widgets
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in StylemixThemes Consulting Elementor Widgets allows PHP Local File Inclusion.This issue affects Consulting Elementor Widgets: from n/a through 1.3.0.
network
low complexity
stylemixthemes
8.8
2024-06-24 CVE-2024-37089 Unspecified vulnerability in Stylemixthemes Consulting Elementor Widgets
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in StylemixThemes Consulting Elementor Widgets allows PHP Local File Inclusion.This issue affects Consulting Elementor Widgets: from n/a through 1.3.0.
network
low complexity
stylemixthemes
critical
9.8
2024-06-24 CVE-2024-37091 OS Command Injection vulnerability in Stylemixthemes Consulting Elementor Widgets
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in StylemixThemes Consulting Elementor Widgets, StylemixThemes Masterstudy Elementor Widgets allows OS Command Injection.This issue affects Consulting Elementor Widgets: from n/a through 1.3.0; Masterstudy Elementor Widgets: from n/a through 1.2.2.
network
low complexity
stylemixthemes CWE-78
8.8
2024-06-10 CVE-2024-35677 Unspecified vulnerability in Stylemixthemes Mega Menu 2.3.12
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in StylemixThemes MegaMenu allows PHP Local File Inclusion.This issue affects MegaMenu: from n/a through 2.3.12.
network
low complexity
stylemixthemes
critical
9.8