Vulnerabilities > Stylemixthemes > High

DATE CVE VULNERABILITY TITLE RISK
2023-05-25 CVE-2022-38356 Cross-Site Request Forgery (CSRF) vulnerability in Stylemixthemes Pearl Header Builder
Cross-Site Request Forgery (CSRF) vulnerability in StylemixThemes WordPress Header Builder Plugin – Pearl plugin <= 1.3.4 versions.
network
low complexity
stylemixthemes CWE-352
8.8
8.8
2023-05-25 CVE-2022-38716 Cross-Site Request Forgery (CSRF) vulnerability in Stylemixthemes Motors - CAR Dealer, Classifieds & Listing
Cross-Site Request Forgery (CSRF) vulnerability in StylemixThemes Motors – Car Dealer, Classifieds & Listing plugin <= 1.4.4 versions.
network
low complexity
stylemixthemes CWE-352
8.8
8.8
2023-05-25 CVE-2022-45815 Cross-Site Request Forgery (CSRF) vulnerability in Stylemixthemes Gdpr Compliance & Cookie Consent
Cross-Site Request Forgery (CSRF) vulnerability in StylemixThemes GDPR Compliance & Cookie Consent plugin <= 1.2 versions.
network
low complexity
stylemixthemes CWE-352
8.8
8.8
2022-12-12 CVE-2022-3989 Unspecified vulnerability in Stylemixthemes Motors - CAR Dealer, Classifieds & Listing
The Motors WordPress plugin before 1.4.4 does not properly validate uploaded files for dangerous file types (such as .php) in an AJAX action, allowing an attacker to sign up on a victim's WordPress instance, upload a malicious PHP file and attempt to launch a brute-force attack to discover the uploaded payload.
network
low complexity
stylemixthemes
8.8
8.8
2021-09-27 CVE-2021-36880 SQL Injection vulnerability in Stylemixthemes Ulisting
Unauthenticated SQL Injection (SQLi) vulnerability in WordPress uListing plugin (versions <= 2.0.3), vulnerable parameter: custom.
network
low complexity
stylemixthemes CWE-89
7.5
7.5