Vulnerabilities > Stylemixthemes
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-07-02 | CVE-2024-6011 | Cross-site Scripting vulnerability in Stylemixthemes Cost Calculator Builder The Cost Calculator Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘textarea.description’ parameter in all versions up to, and including, 3.2.12 due to insufficient input sanitization and output escaping. | 4.8 |
| 2024-06-24 | CVE-2024-37092 | Unspecified vulnerability in Stylemixthemes Consulting Elementor Widgets Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in StylemixThemes Consulting Elementor Widgets allows PHP Local File Inclusion.This issue affects Consulting Elementor Widgets: from n/a through 1.3.0. | 8.8 |
| 2024-06-24 | CVE-2024-37089 | Unspecified vulnerability in Stylemixthemes Consulting Elementor Widgets Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in StylemixThemes Consulting Elementor Widgets allows PHP Local File Inclusion.This issue affects Consulting Elementor Widgets: from n/a through 1.3.0. | 9.8 |
| 2024-06-24 | CVE-2024-37091 | OS Command Injection vulnerability in Stylemixthemes Consulting Elementor Widgets Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in StylemixThemes Consulting Elementor Widgets, StylemixThemes Masterstudy Elementor Widgets allows OS Command Injection.This issue affects Consulting Elementor Widgets: from n/a through 1.3.0; Masterstudy Elementor Widgets: from n/a through 1.2.2. | 8.8 |
| 2024-06-10 | CVE-2024-35677 | Unspecified vulnerability in Stylemixthemes Mega Menu 2.3.12 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in StylemixThemes MegaMenu allows PHP Local File Inclusion.This issue affects MegaMenu: from n/a through 2.3.12. | 9.8 |
| 2024-05-02 | CVE-2024-3942 | Missing Authorization vulnerability in Stylemixthemes Masterstudy LMS The MasterStudy LMS WordPress Plugin – for Online Courses and Education plugin for WordPress is vulnerable to unauthorized access, modification, and loss of data due to a missing capability check on several functions in versions up to, and including, 3.3.8. | 5.4 |
| 2024-03-13 | CVE-2024-2106 | Unspecified vulnerability in Stylemixthemes Masterstudy LMS The MasterStudy LMS WordPress Plugin – for Online Courses and Education plugin for WordPress is vulnerable to Information Exposure in versions up to, and including, 3.2.10. | 7.5 |
| 2023-12-28 | CVE-2023-50852 | Unspecified vulnerability in Stylemixthemes Bookit Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in StylemixThemes Booking Calendar | Appointment Booking | BookIt.This issue affects Booking Calendar | Appointment Booking | BookIt: from n/a through 2.4.3. | 7.2 |
| 2023-11-13 | CVE-2023-46207 | Server-Side Request Forgery (SSRF) vulnerability in Stylemixthemes Motors - CAR Dealer, Classifieds & Listing Server-Side Request Forgery (SSRF) vulnerability in StylemixThemes Motors – Car Dealer, Classifieds & Listing.This issue affects Motors – Car Dealer, Classifieds & Listing: from n/a through 1.4.6. | 7.5 |
| 2023-10-27 | CVE-2023-46208 | Cross-site Scripting vulnerability in Stylemixthemes Motors - CAR Dealer, Classifieds & Listing Unauth. | 6.1 |