Vulnerabilities > Stylemixthemes > High

DATE CVE VULNERABILITY TITLE RISK
2023-06-07 CVE-2021-4340 SQL Injection vulnerability in Stylemixthemes Ulisting
The uListing plugin for WordPress is vulnerable to generic SQL Injection via the ‘listing_id’ parameter in versions up to, and including, 1.6.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.
network
low complexity
stylemixthemes CWE-89
7.5
7.5
2023-06-07 CVE-2021-4346 Missing Authorization vulnerability in Stylemixthemes Ulisting
The uListing plugin for WordPress is vulnerable to Unauthenticated Arbitrary Account Changes in versions up to, and including, 1.6.6.
network
low complexity
stylemixthemes CWE-862
7.5
7.5
2023-05-25 CVE-2022-38356 Unspecified vulnerability in Stylemixthemes Pearl Header Builder 1.3.4
Cross-Site Request Forgery (CSRF) vulnerability in StylemixThemes WordPress Header Builder Plugin – Pearl plugin <= 1.3.4 versions.
network
low complexity
stylemixthemes
8.8
8.8
2023-05-25 CVE-2022-38716 Unspecified vulnerability in Stylemixthemes Motors - CAR Dealer, Classifieds & Listing
Cross-Site Request Forgery (CSRF) vulnerability in StylemixThemes Motors – Car Dealer, Classifieds & Listing plugin <= 1.4.4 versions.
network
low complexity
stylemixthemes
8.8
8.8
2023-05-25 CVE-2022-45815 Unspecified vulnerability in Stylemixthemes Gdpr Compliance & Cookie Consent 1.2
Cross-Site Request Forgery (CSRF) vulnerability in StylemixThemes GDPR Compliance & Cookie Consent plugin <= 1.2 versions.
network
low complexity
stylemixthemes
8.8
8.8
2022-12-12 CVE-2022-3989 Unspecified vulnerability in Stylemixthemes Motors - CAR Dealer, Classifieds & Listing
The Motors WordPress plugin before 1.4.4 does not properly validate uploaded files for dangerous file types (such as .php) in an AJAX action, allowing an attacker to sign up on a victim's WordPress instance, upload a malicious PHP file and attempt to launch a brute-force attack to discover the uploaded payload.
network
low complexity
stylemixthemes
8.8
8.8
2021-09-27 CVE-2021-36874 Authorization Bypass Through User-Controlled Key vulnerability in Stylemixthemes Ulisting
Authenticated Insecure Direct Object References (IDOR) vulnerability in WordPress uListing plugin (versions <= 2.0.5).
network
low complexity
stylemixthemes CWE-639
8.8
8.8
2021-09-27 CVE-2021-36876 Cross-Site Request Forgery (CSRF) vulnerability in Stylemixthemes Ulisting
Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in WordPress uListing plugin (versions <= 2.0.5) as it lacks CSRF checks on plugin administration pages.
network
low complexity
stylemixthemes CWE-352
8.8
8.8