Vulnerabilities > Stylemixthemes
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-06-24 | CVE-2024-37091 | OS Command Injection vulnerability in Stylemixthemes Consulting Elementor Widgets Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in StylemixThemes Consulting Elementor Widgets, StylemixThemes Masterstudy Elementor Widgets allows OS Command Injection.This issue affects Consulting Elementor Widgets: from n/a through 1.3.0; Masterstudy Elementor Widgets: from n/a through 1.2.2. | 8.8 |
| 2024-06-10 | CVE-2024-35677 | Unspecified vulnerability in Stylemixthemes Mega Menu 2.3.12 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in StylemixThemes MegaMenu allows PHP Local File Inclusion.This issue affects MegaMenu: from n/a through 2.3.12. | 9.8 |
| 2024-05-02 | CVE-2024-3942 | Missing Authorization vulnerability in Stylemixthemes Masterstudy LMS The MasterStudy LMS WordPress Plugin – for Online Courses and Education plugin for WordPress is vulnerable to unauthorized access, modification, and loss of data due to a missing capability check on several functions in versions up to, and including, 3.3.8. | 5.4 |
| 2024-03-13 | CVE-2024-2106 | Unspecified vulnerability in Stylemixthemes Masterstudy LMS The MasterStudy LMS WordPress Plugin – for Online Courses and Education plugin for WordPress is vulnerable to Information Exposure in versions up to, and including, 3.2.10. | 7.5 |
| 2023-12-28 | CVE-2023-50852 | Unspecified vulnerability in Stylemixthemes Bookit Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in StylemixThemes Booking Calendar | Appointment Booking | BookIt.This issue affects Booking Calendar | Appointment Booking | BookIt: from n/a through 2.4.3. | 7.2 |
| 2023-11-13 | CVE-2023-46207 | Server-Side Request Forgery (SSRF) vulnerability in Stylemixthemes Motors - CAR Dealer, Classifieds & Listing Server-Side Request Forgery (SSRF) vulnerability in StylemixThemes Motors – Car Dealer, Classifieds & Listing.This issue affects Motors – Car Dealer, Classifieds & Listing: from n/a through 1.4.6. | 7.5 |
| 2023-10-27 | CVE-2023-46208 | Cross-site Scripting vulnerability in Stylemixthemes Motors - CAR Dealer, Classifieds & Listing Unauth. | 6.1 |
| 2023-09-11 | CVE-2023-4278 | Unspecified vulnerability in Stylemixthemes Masterstudy LMS The MasterStudy LMS WordPress Plugin WordPress plugin before 3.0.18 does not have proper checks in place during registration allowing anyone to register on the site as an instructor. | 7.5 |
| 2023-06-22 | CVE-2023-35093 | Unspecified vulnerability in Stylemixthemes Masterstudy LMS Broken Access Control vulnerability in StylemixThemes MasterStudy LMS WordPress Plugin – for Online Courses and Education plugin <= 3.0.8 versions allows any logged-in users, such as subscribers to view the "Orders" of the plugin and get the data related to the order like email, username, and more. | 6.5 |
| 2023-06-22 | CVE-2023-35090 | Unspecified vulnerability in Stylemixthemes Masterstudy LMS Auth. | 5.4 |