Vulnerabilities > Stylemixthemes

DATE CVE VULNERABILITY TITLE RISK
2022-04-11 CVE-2022-25615 Cross-Site Request Forgery (CSRF) vulnerability in Stylemixthemes Eroom - Zoom Meetings & Webinar
Cross-Site Request Forgery (CSRF) in StylemixThemes eRoom – Zoom Meetings & Webinar (WordPress plugin) <= 1.3.8 allows cache deletion.
network
low complexity
stylemixthemes CWE-352
4.3
2022-03-07 CVE-2022-0441 Unspecified vulnerability in Stylemixthemes Masterstudy LMS
The MasterStudy LMS WordPress plugin before 2.7.6 does to validate some parameters given when registering a new account, allowing unauthenticated users to register as an admin
network
low complexity
stylemixthemes
critical
9.8
2021-09-27 CVE-2021-36874 Authorization Bypass Through User-Controlled Key vulnerability in Stylemixthemes Ulisting
Authenticated Insecure Direct Object References (IDOR) vulnerability in WordPress uListing plugin (versions <= 2.0.5).
network
low complexity
stylemixthemes CWE-639
8.8
2021-09-27 CVE-2021-36875 Cross-site Scripting vulnerability in Stylemixthemes Ulisting
Authenticated Reflected Cross-Site Scripting (XSS) vulnerability in WordPress uListing plugin (versions <= 2.0.5).
network
low complexity
stylemixthemes CWE-79
4.8
2021-09-27 CVE-2021-36876 Cross-Site Request Forgery (CSRF) vulnerability in Stylemixthemes Ulisting
Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in WordPress uListing plugin (versions <= 2.0.5) as it lacks CSRF checks on plugin administration pages.
network
low complexity
stylemixthemes CWE-352
8.8
2021-09-27 CVE-2021-36877 Cross-Site Request Forgery (CSRF) vulnerability in Stylemixthemes Ulisting
Cross-Site Request Forgery (CSRF) vulnerability in WordPress uListing plugin (versions <= 2.0.5) makes it possible for attackers to modify user roles.
network
low complexity
stylemixthemes CWE-352
6.5
2021-09-27 CVE-2021-36879 Unspecified vulnerability in Stylemixthemes Ulisting
Unauthenticated Privilege Escalation vulnerability in WordPress uListing plugin (versions <= 2.0.5).
network
low complexity
stylemixthemes
critical
9.8
2021-09-27 CVE-2021-36880 SQL Injection vulnerability in Stylemixthemes Ulisting
Unauthenticated SQL Injection (SQLi) vulnerability in WordPress uListing plugin (versions <= 2.0.3), vulnerable parameter: custom.
network
low complexity
stylemixthemes CWE-89
critical
9.8
2021-09-27 CVE-2021-36878 Cross-Site Request Forgery (CSRF) vulnerability in Stylemixthemes Ulisting
Cross-Site Request Forgery (CSRF) vulnerability in WordPress uListing plugin (versions <= 2.0.5) makes it possible for attackers to update settings.
network
low complexity
stylemixthemes CWE-352
4.3
2020-02-24 CVE-2019-17229 Cross-site Scripting vulnerability in Stylemixthemes Motors - CAR Dealer, Classifieds & Listing
includes/options.php in the motors-car-dealership-classified-listings (aka Motors - Car Dealer & Classified Ads) plugin through 1.4.0 for WordPress has multiple stored XSS issues.
network
low complexity
stylemixthemes CWE-79
6.1