Vulnerabilities > Stylemixthemes

DATE CVE VULNERABILITY TITLE RISK
2023-06-07 CVE-2021-4345 Missing Authorization vulnerability in Stylemixthemes Ulisting
The uListing plugin for WordPress is vulnerable to authorization bypass due to missing capability and nonce checks on the UlistingUserRole::save_role_api method in versions up to, and including, 1.6.6.
network
low complexity
stylemixthemes CWE-862
5.3
2023-06-07 CVE-2021-4346 Missing Authorization vulnerability in Stylemixthemes Ulisting
The uListing plugin for WordPress is vulnerable to Unauthenticated Arbitrary Account Changes in versions up to, and including, 1.6.6.
network
low complexity
stylemixthemes CWE-862
7.5
2023-06-07 CVE-2021-4357 Missing Authorization vulnerability in Stylemixthemes Ulisting
The uListing plugin for WordPress is vulnerable to authorization bypass due to missing capability checks, and a missing security nonce, on the UlistingUserRole::save_role_api function in versions up to, and including, 1.6.6.
network
low complexity
stylemixthemes CWE-862
5.3
2023-06-07 CVE-2021-4370 Missing Authorization vulnerability in Stylemixthemes Ulisting
The uListing plugin for WordPress is vulnerable to authorization bypass as most actions and endpoints are accessible to unauthenticated users, lack security nonces, and data is seldom validated.
network
low complexity
stylemixthemes CWE-862
critical
9.8
2023-06-07 CVE-2021-4381 Missing Authorization vulnerability in Stylemixthemes Ulisting
The uListing plugin for WordPress is vulnerable to authorization bypass via wp_route due to missing capability checks, and a missing security nonce, in the StmListingSingleLayout::import_new_layout method in versions up to, and including, 1.6.6.
network
low complexity
stylemixthemes CWE-862
critical
9.8
2023-05-25 CVE-2022-38356 Unspecified vulnerability in Stylemixthemes Pearl Header Builder 1.3.4
Cross-Site Request Forgery (CSRF) vulnerability in StylemixThemes WordPress Header Builder Plugin – Pearl plugin <= 1.3.4 versions.
network
low complexity
stylemixthemes
8.8
2023-05-25 CVE-2022-38716 Unspecified vulnerability in Stylemixthemes Motors - CAR Dealer, Classifieds & Listing
Cross-Site Request Forgery (CSRF) vulnerability in StylemixThemes Motors – Car Dealer, Classifieds & Listing plugin <= 1.4.4 versions.
network
low complexity
stylemixthemes
8.8
2023-05-25 CVE-2022-45815 Unspecified vulnerability in Stylemixthemes Gdpr Compliance & Cookie Consent 1.2
Cross-Site Request Forgery (CSRF) vulnerability in StylemixThemes GDPR Compliance & Cookie Consent plugin <= 1.2 versions.
network
low complexity
stylemixthemes
8.8
2022-12-12 CVE-2022-3989 Unspecified vulnerability in Stylemixthemes Motors - CAR Dealer, Classifieds & Listing
The Motors WordPress plugin before 1.4.4 does not properly validate uploaded files for dangerous file types (such as .php) in an AJAX action, allowing an attacker to sign up on a victim's WordPress instance, upload a malicious PHP file and attempt to launch a brute-force attack to discover the uploaded payload.
network
low complexity
stylemixthemes
8.8
2022-04-11 CVE-2022-25614 Cross-Site Request Forgery (CSRF) vulnerability in Stylemixthemes Eroom - Zoom Meetings & Webinar
Cross-Site Request Forgery (CSRF) in StylemixThemes eRoom – Zoom Meetings & Webinar (WordPress plugin) <= 1.3.7 allows an attacker to Sync with Zoom Meetings.
network
low complexity
stylemixthemes CWE-352
4.3