Vulnerabilities > Stylemixthemes > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-09-07 | CVE-2024-6010 | Unspecified vulnerability in Stylemixthemes Cost Calculator Builder The Cost Calculator Builder PRO plugin for WordPress is vulnerable to price manipulation in all versions up to, and including, 3.2.1. | 5.3 |
| 2024-07-02 | CVE-2024-6011 | Cross-site Scripting vulnerability in Stylemixthemes Cost Calculator Builder The Cost Calculator Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘textarea.description’ parameter in all versions up to, and including, 3.2.12 due to insufficient input sanitization and output escaping. | 4.8 |
| 2024-07-02 | CVE-2024-6012 | Missing Authorization vulnerability in Stylemixthemes Cost Calculator Builder The Cost Calculator Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'embed-create-page' and 'embed-insert-pages' functions in all versions up to, and including, 3.2.12. | 4.3 |
| 2024-07-02 | CVE-2024-5545 | Missing Authorization vulnerability in Stylemixthemes Motors - CAR Dealer, Classifieds & Listing The Motors – Car Dealer, Classifieds & Listing plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the stm_edit_delete_user_car function in all versions up to, and including, 1.4.8. | 5.3 |
| 2023-10-27 | CVE-2023-46208 | Cross-site Scripting vulnerability in Stylemixthemes Motors - CAR Dealer, Classifieds & Listing Unauth. | 6.1 |
| 2023-06-22 | CVE-2023-35093 | Missing Authorization vulnerability in Stylemixthemes Masterstudy LMS Broken Access Control vulnerability in StylemixThemes MasterStudy LMS WordPress Plugin – for Online Courses and Education plugin <= 3.0.8 versions allows any logged-in users, such as subscribers to view the "Orders" of the plugin and get the data related to the order like email, username, and more. | 6.5 |
| 2023-06-22 | CVE-2023-35090 | Cross-site Scripting vulnerability in Stylemixthemes Masterstudy LMS Auth. | 5.4 |
| 2023-06-07 | CVE-2021-4339 | Missing Authorization vulnerability in Stylemixthemes Ulisting The uListing plugin for WordPress is vulnerable to authorization bypass due to a missing capability check in the "ulisting/includes/route.php" file on the /1/api/ulisting-user/search REST-API route in versions up to, and including, 1.6.6. | 5.3 |
| 2023-06-07 | CVE-2021-4345 | Missing Authorization vulnerability in Stylemixthemes Ulisting The uListing plugin for WordPress is vulnerable to authorization bypass due to missing capability and nonce checks on the UlistingUserRole::save_role_api method in versions up to, and including, 1.6.6. | 5.3 |
| 2023-06-07 | CVE-2021-4357 | Missing Authorization vulnerability in Stylemixthemes Ulisting The uListing plugin for WordPress is vulnerable to authorization bypass due to missing capability checks, and a missing security nonce, on the UlistingUserRole::save_role_api function in versions up to, and including, 1.6.6. | 5.3 |