Vulnerabilities > Stylemixthemes
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-06-07 | CVE-2021-4345 | Missing Authorization vulnerability in Stylemixthemes Ulisting The uListing plugin for WordPress is vulnerable to authorization bypass due to missing capability and nonce checks on the UlistingUserRole::save_role_api method in versions up to, and including, 1.6.6. | 5.3 |
2023-06-07 | CVE-2021-4346 | Missing Authorization vulnerability in Stylemixthemes Ulisting The uListing plugin for WordPress is vulnerable to Unauthenticated Arbitrary Account Changes in versions up to, and including, 1.6.6. | 7.5 |
2023-06-07 | CVE-2021-4357 | Missing Authorization vulnerability in Stylemixthemes Ulisting The uListing plugin for WordPress is vulnerable to authorization bypass due to missing capability checks, and a missing security nonce, on the UlistingUserRole::save_role_api function in versions up to, and including, 1.6.6. | 5.3 |
2023-06-07 | CVE-2021-4370 | Missing Authorization vulnerability in Stylemixthemes Ulisting The uListing plugin for WordPress is vulnerable to authorization bypass as most actions and endpoints are accessible to unauthenticated users, lack security nonces, and data is seldom validated. | 9.8 |
2023-06-07 | CVE-2021-4381 | Missing Authorization vulnerability in Stylemixthemes Ulisting The uListing plugin for WordPress is vulnerable to authorization bypass via wp_route due to missing capability checks, and a missing security nonce, in the StmListingSingleLayout::import_new_layout method in versions up to, and including, 1.6.6. | 9.8 |
2023-05-25 | CVE-2022-38356 | Unspecified vulnerability in Stylemixthemes Pearl Header Builder 1.3.4 Cross-Site Request Forgery (CSRF) vulnerability in StylemixThemes WordPress Header Builder Plugin – Pearl plugin <= 1.3.4 versions. | 8.8 |
2023-05-25 | CVE-2022-38716 | Unspecified vulnerability in Stylemixthemes Motors - CAR Dealer, Classifieds & Listing Cross-Site Request Forgery (CSRF) vulnerability in StylemixThemes Motors – Car Dealer, Classifieds & Listing plugin <= 1.4.4 versions. | 8.8 |
2023-05-25 | CVE-2022-45815 | Unspecified vulnerability in Stylemixthemes Gdpr Compliance & Cookie Consent 1.2 Cross-Site Request Forgery (CSRF) vulnerability in StylemixThemes GDPR Compliance & Cookie Consent plugin <= 1.2 versions. | 8.8 |
2022-12-12 | CVE-2022-3989 | Unspecified vulnerability in Stylemixthemes Motors - CAR Dealer, Classifieds & Listing The Motors WordPress plugin before 1.4.4 does not properly validate uploaded files for dangerous file types (such as .php) in an AJAX action, allowing an attacker to sign up on a victim's WordPress instance, upload a malicious PHP file and attempt to launch a brute-force attack to discover the uploaded payload. | 8.8 |
2022-04-11 | CVE-2022-25614 | Cross-Site Request Forgery (CSRF) vulnerability in Stylemixthemes Eroom - Zoom Meetings & Webinar Cross-Site Request Forgery (CSRF) in StylemixThemes eRoom – Zoom Meetings & Webinar (WordPress plugin) <= 1.3.7 allows an attacker to Sync with Zoom Meetings. | 4.3 |