StylemixthemesCVEs & Vulnerabilities

61 CVEs affecting Stylemixthemes products, tracked from the National Vulnerability Database, with CVSS/EPSS scores and exploitation status.

Most Affected Products

ulisting 18masterstudy lms 14motors - car dealer\, classifieds \& listing 12cost calculator builder 6consulting elementor widgets 4bookit 2eroom - zoom meetings \& webinar 2mega menu 1
CVE-2022-38356HIGH

Cross-Site Request Forgery (CSRF) vulnerability in StylemixThemes WordPress Header Builder Plugin – Pearl plugin <= 1.3.4 versions.

25 May 2023
8.8
CVSS
CVE-2022-3989HIGH

The Motors WordPress plugin before 1.4.4 does not properly validate uploaded files for dangerous file types (such as .php) in an AJAX action, allowing an attacker to sign up on a victim's WordPress instance, upload a malicious PHP file and attempt to launch a brute-force attack to discover the uploaded payload.

12 Dec 2022
8.8
CVSS
CVE-2022-25615MEDIUM

Cross-Site Request Forgery (CSRF) in StylemixThemes eRoom – Zoom Meetings & Webinar (WordPress plugin) <= 1.3.8 allows cache deletion.

11 Apr 2022
4.3
CVSS
CVE-2022-25614MEDIUM

Cross-Site Request Forgery (CSRF) in StylemixThemes eRoom – Zoom Meetings & Webinar (WordPress plugin) <= 1.3.7 allows an attacker to Sync with Zoom Meetings.

11 Apr 2022
4.3
CVSS
CVE-2021-36880CRITICAL

Unauthenticated SQL Injection (SQLi) vulnerability in WordPress uListing plugin (versions <= 2.0.3), vulnerable parameter: custom.

27 Sep 2021
9.8
CVSS
CVE-2021-36879CRITICAL

Unauthenticated Privilege Escalation vulnerability in WordPress uListing plugin (versions <= 2.0.5). Possible if WordPress configuration allows user registration.

27 Sep 2021
9.8
CVSS
CVE-2021-36877MEDIUM

Cross-Site Request Forgery (CSRF) vulnerability in WordPress uListing plugin (versions <= 2.0.5) makes it possible for attackers to modify user roles.

27 Sep 2021
6.5
CVSS
CVE-2021-36876HIGH

Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in WordPress uListing plugin (versions <= 2.0.5) as it lacks CSRF checks on plugin administration pages.

27 Sep 2021
8.8
CVSS
CVE-2021-36875MEDIUM

Cross-site Scripting (XSS) vulnerability in Stylemix Directory Listings WordPress plugin – uListing allows Reflected XSS.This issue affects Directory Listings WordPress plugin – uListing: from n/a through 2.0.5.

27 Sep 2021
4.8
CVSS
CVE-2021-36874HIGH

Authenticated Insecure Direct Object References (IDOR) vulnerability in WordPress uListing plugin (versions <= 2.0.5).

27 Sep 2021
8.8
CVSS
CVE-2021-36878MEDIUM

Cross-Site Request Forgery (CSRF) vulnerability in WordPress uListing plugin (versions <= 2.0.5) makes it possible for attackers to update settings.

27 Sep 2021
4.3
CVSS
CVE-2019-17229MEDIUM

includes/options.php in the motors-car-dealership-classified-listings (aka Motors - Car Dealer & Classified Ads) plugin through 1.4.0 for WordPress has multiple stored XSS issues.

24 Feb 2020
6.1
CVSS
CVE-2019-17228MEDIUM

includes/options.php in the motors-car-dealership-classified-listings (aka Motors - Car Dealer & Classified Ads) plugin through 1.4.0 for WordPress allows unauthenticated options changes.

24 Feb 2020
6.5
CVSS
← PrevPage 2 / 2Next →