Vulnerabilities > Stylemixthemes > High

DATE CVE VULNERABILITY TITLE RISK
2024-09-30 CVE-2024-8379 SQL Injection vulnerability in Stylemixthemes Cost Calculator Builder
The Cost Calculator Builder WordPress plugin before 3.2.29 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as Admin.
network
low complexity
stylemixthemes CWE-89
7.2
2024-07-22 CVE-2024-5973 Unspecified vulnerability in Stylemixthemes Masterstudy LMS
The MasterStudy LMS WordPress Plugin WordPress plugin before 3.3.24 does not prevent students from creating instructor accounts, which could be used to get access to functionalities they shouldn't have.
network
low complexity
stylemixthemes
8.8
2024-07-09 CVE-2024-37090 SQL Injection vulnerability in Stylemixthemes products
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in StylemixThemes Masterstudy Elementor Widgets, StylemixThemes Consulting Elementor Widgets. This issue affects Masterstudy Elementor Widgets: from n/a through 1.2.2; Consulting Elementor Widgets: from n/a through 1.3.0.
network
low complexity
stylemixthemes CWE-89
8.8
2024-06-24 CVE-2024-37092 Path Traversal vulnerability in Stylemixthemes Consulting Elementor Widgets
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in StylemixThemes Consulting Elementor Widgets allows PHP Local File Inclusion. This issue affects Consulting Elementor Widgets: from n/a through 1.3.0.
network
low complexity
stylemixthemes CWE-22
8.8
2024-06-24 CVE-2024-37091 OS Command Injection vulnerability in Stylemixthemes Consulting Elementor Widgets
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in StylemixThemes Consulting Elementor Widgets, StylemixThemes Masterstudy Elementor Widgets allows OS Command Injection. This issue affects Consulting Elementor Widgets: from n/a through 1.3.0; Masterstudy Elementor Widgets: from n/a through 1.2.2.
network
low complexity
stylemixthemes CWE-78
8.8
2023-12-28 CVE-2023-50852 SQL Injection vulnerability in Stylemixthemes Bookit
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in StylemixThemes Booking Calendar | Appointment Booking | BookIt. This issue affects Booking Calendar | Appointment Booking | BookIt: from n/a through 2.4.3.
network
low complexity
stylemixthemes CWE-89
7.2
2023-11-13 CVE-2023-46207 Server-Side Request Forgery (SSRF) vulnerability in Stylemixthemes Motors - Car Dealer, Classifieds & Listing
Server-Side Request Forgery (SSRF) vulnerability in StylemixThemes Motors – Car Dealer, Classifieds & Listing. This issue affects Motors – Car Dealer, Classifieds & Listing: from n/a through 1.4.6.
network
low complexity
stylemixthemes CWE-918
7.5
2023-09-11 CVE-2023-4278 Unspecified vulnerability in Stylemixthemes Masterstudy LMS
The MasterStudy LMS WordPress Plugin WordPress plugin before 3.0.18 does not have proper checks in place during registration allowing anyone to register on the site as an instructor.
network
low complexity
stylemixthemes
7.5
2023-06-07 CVE-2021-4340 SQL Injection vulnerability in Stylemixthemes Ulisting
The uListing plugin for WordPress is vulnerable to generic SQL Injection via the ‘listing_id’ parameter in versions up to, and including, 1.6.6 due to insufficient escaping on the user-supplied parameter and lack of sufficient preparation on the existing SQL query.
network
low complexity
stylemixthemes CWE-89
7.5
2023-06-07 CVE-2021-4346 Missing Authorization vulnerability in Stylemixthemes Ulisting
The uListing plugin for WordPress is vulnerable to Unauthenticated Arbitrary Account Changes in versions up to, and including, 1.6.6.
network
low complexity
stylemixthemes CWE-862
7.5