Vulnerabilities > Stylemixthemes > Critical

DATE CVE VULNERABILITY TITLE RISK
2024-08-29 CVE-2024-43144 SQL Injection vulnerability in Stylemixthemes Cost Calculator Builder
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in StylemixThemes Cost Calculator Builder allows SQL Injection.This issue affects Cost Calculator Builder: from n/a through 3.2.15.
network
low complexity
stylemixthemes CWE-89
critical
 9.8
9.8
2024-06-24 CVE-2024-37089 Path Traversal vulnerability in Stylemixthemes Consulting Elementor Widgets
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in StylemixThemes Consulting Elementor Widgets allows PHP Local File Inclusion.This issue affects Consulting Elementor Widgets: from n/a through 1.3.0.
network
low complexity
stylemixthemes CWE-22
critical
 9.8
9.8
2024-06-10 CVE-2024-35677 Path Traversal vulnerability in Stylemixthemes Mega Menu 2.3.12
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in StylemixThemes MegaMenu allows PHP Local File Inclusion.This issue affects MegaMenu: from n/a through 2.3.12.
network
low complexity
stylemixthemes CWE-22
critical
 9.8
9.8
2023-06-30 CVE-2023-2834 Missing Authentication for Critical Function vulnerability in Stylemixthemes Bookit
The BookIt plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.3.7.
network
low complexity
stylemixthemes CWE-306
critical
 9.8
9.8
2023-06-07 CVE-2021-4341 Missing Authorization vulnerability in Stylemixthemes Ulisting
The uListing plugin for WordPress is vulnerable to authorization bypass via Ajax due to missing capability checks, missing input validation, and a missing security nonce in the stm_update_email_data AJAX action in versions up to, and including, 1.6.6.
network
low complexity
stylemixthemes CWE-862
critical
 9.8
9.8
2023-06-07 CVE-2021-4343 Missing Authorization vulnerability in Stylemixthemes Ulisting
The Unauthenticated Account Creation plugin for WordPress is vulnerable to Unauthenticated Account Creation in versions up to, and including, 1.6.6.
network
low complexity
stylemixthemes CWE-862
critical
 9.8
9.8
2023-06-07 CVE-2021-4370 Missing Authorization vulnerability in Stylemixthemes Ulisting
The uListing plugin for WordPress is vulnerable to authorization bypass as most actions and endpoints are accessible to unauthenticated users, lack security nonces, and data is seldom validated.
network
low complexity
stylemixthemes CWE-862
critical
 9.8
9.8
2023-06-07 CVE-2021-4381 Missing Authorization vulnerability in Stylemixthemes Ulisting
The uListing plugin for WordPress is vulnerable to authorization bypass via wp_route due to missing capability checks, and a missing security nonce, in the StmListingSingleLayout::import_new_layout method in versions up to, and including, 1.6.6.
network
low complexity
stylemixthemes CWE-862
critical
 9.8
9.8
2022-03-07 CVE-2022-0441 Unspecified vulnerability in Stylemixthemes Masterstudy LMS
The MasterStudy LMS WordPress plugin before 2.7.6 does to validate some parameters given when registering a new account, allowing unauthenticated users to register as an admin
network
low complexity
stylemixthemes
critical
 9.8
9.8
2021-09-27 CVE-2021-36879 Unspecified vulnerability in Stylemixthemes Ulisting
Unauthenticated Privilege Escalation vulnerability in WordPress uListing plugin (versions <= 2.0.5).
network
low complexity
stylemixthemes
critical
 9.8
9.8