Vulnerabilities > Stylemixthemes > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-04-11 | CVE-2022-25614 | Cross-Site Request Forgery (CSRF) vulnerability in Stylemixthemes Eroom - Zoom Meetings & Webinar Cross-Site Request Forgery (CSRF) in StylemixThemes eRoom – Zoom Meetings & Webinar (WordPress plugin) <= 1.3.7 allows an attacker to Sync with Zoom Meetings. | 4.3 |
| 2022-04-11 | CVE-2022-25615 | Cross-Site Request Forgery (CSRF) vulnerability in Stylemixthemes Eroom - Zoom Meetings & Webinar Cross-Site Request Forgery (CSRF) in StylemixThemes eRoom – Zoom Meetings & Webinar (WordPress plugin) <= 1.3.8 allows cache deletion. | 4.3 |
| 2021-09-27 | CVE-2021-36874 | Authorization Bypass Through User-Controlled Key vulnerability in Stylemixthemes Ulisting Authenticated Insecure Direct Object References (IDOR) vulnerability in WordPress uListing plugin (versions <= 2.0.5). | 6.5 |
| 2021-09-27 | CVE-2021-36876 | Cross-Site Request Forgery (CSRF) vulnerability in Stylemixthemes Ulisting Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in WordPress uListing plugin (versions <= 2.0.5) as it lacks CSRF checks on plugin administration pages. | 6.8 |
| 2021-09-27 | CVE-2021-36877 | Cross-Site Request Forgery (CSRF) vulnerability in Stylemixthemes Ulisting Cross-Site Request Forgery (CSRF) vulnerability in WordPress uListing plugin (versions <= 2.0.5) makes it possible for attackers to modify user roles. | 4.3 |
| 2021-09-27 | CVE-2021-36878 | Cross-Site Request Forgery (CSRF) vulnerability in Stylemixthemes Ulisting Cross-Site Request Forgery (CSRF) vulnerability in WordPress uListing plugin (versions <= 2.0.5) makes it possible for attackers to update settings. | 4.3 |
| 2020-02-24 | CVE-2019-17229 | Cross-site Scripting vulnerability in Stylemixthemes Motors - CAR Dealer, Classifieds & Listing includes/options.php in the motors-car-dealership-classified-listings (aka Motors - Car Dealer & Classified Ads) plugin through 1.4.0 for WordPress has multiple stored XSS issues. | 4.3 |
| 2020-02-24 | CVE-2019-17228 | Insufficient Verification of Data Authenticity vulnerability in Stylemixthemes Motors - CAR Dealer, Classifieds & Listing includes/options.php in the motors-car-dealership-classified-listings (aka Motors - Car Dealer & Classified Ads) plugin through 1.4.0 for WordPress allows unauthenticated options changes. | 6.4 |