Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

StylemixThemes — Vulnerabilities & Security Advisories 50

Browse all 50 CVE security advisories affecting StylemixThemes. AI-powered Chinese analysis, POCs, and references for each vulnerability.

StylemixThemes operates as a prominent developer of WordPress themes and plugins, primarily targeting the e-commerce and lifestyle sectors through its extensive portfolio on marketplaces like ThemeForest. The company’s software has been associated with fifty recorded Common Vulnerabilities and Exposures (CVEs), reflecting significant security challenges in its codebase. Historically, these vulnerabilities frequently manifest as remote code execution, cross-site scripting, and privilege escalation flaws, often stemming from insufficient input validation and improper access controls within plugin architectures. While no single catastrophic data breach has been publicly attributed solely to StylemixThemes, the high volume of CVEs indicates systemic issues in their development and patching processes. Users are advised to exercise caution, ensuring all components are updated to mitigate risks associated with these known exploitation vectors.

Top products by StylemixThemes: uListing (WordPress plugin) MasterStudy LMS Pro Cost Calculator Builder PRO Consulting Elementor Widgets Masterstudy Elementor Widgets Motors – Car Dealer, Classifieds & Listing eRoom – Zoom Meetings & Webinar (WordPress plugin) Masterstudy Motors - Car Dealer, Rental & Listing WordPress theme Cost Calculator Builder Consulting MasterStudy LMS WordPress Plugin – for Online Courses and Education MegaMenu Booking Calendar | Appointment Booking | BookIt Masterstudy LMS Starter MasterStudy LMS eRoom – Zoom Meetings & Webinar Pearl - Corporate Business WordPress Header Builder Plugin – Pearl Motors - Events GDPR Compliance & Cookie Consent Motors
CVE IDTitleCVSSSeverityPublished
CVE-2025-64374 WordPress Motors theme <= 5.6.81 - Arbitrary File Upload vulnerability — MotorsCWE-434 9.9 Critical2025-12-18
CVE-2025-64214 WordPress MasterStudy LMS Pro plugin < 4.7.16 - Arbitrary Content Deletion vulnerability — MasterStudy LMS ProCWE-862 7.5 High2025-12-18
CVE-2025-64209 WordPress Masterstudy theme < 4.8.122 - Broken Access Control vulnerability — MasterstudyCWE-862 7.5 High2025-12-18
CVE-2025-64213 WordPress MasterStudy LMS Pro plugin < 4.7.16 - Sensitive Data Exposure vulnerability — MasterStudy LMS ProCWE-201 7.5 High2025-12-18
CVE-2025-64364 WordPress Masterstudy theme < 4.8.126 - Local File Inclusion vulnerability — MasterstudyCWE-98 7.5 High2025-10-31
CVE-2025-64361 WordPress Consulting Elementor Widgets plugin <= 1.4.2 - Cross Site Scripting (XSS) vulnerability — Consulting Elementor WidgetsCWE-79 6.5 Medium2025-10-31
CVE-2025-64359 WordPress Consulting theme < 6.7.5 - Local File Inclusion vulnerability — ConsultingCWE-98 7.5 High2025-10-31
CVE-2025-64360 WordPress Consulting Elementor Widgets plugin <= 1.4.2 - Local File Inclusion vulnerability — Consulting Elementor WidgetsCWE-98 7.5 High2025-10-31
CVE-2025-64212 WordPress MasterStudy LMS Pro plugin < 4.7.16 - Broken Access Control vulnerability — MasterStudy LMS ProCWE-862 5.4 Medium2025-10-29
CVE-2025-64211 WordPress Masterstudy Elementor Widgets plugin <= 1.2.4 - Broken Access Control vulnerability — Masterstudy Elementor WidgetsCWE-862 5.3 Medium2025-10-29
CVE-2025-64210 WordPress Masterstudy Elementor Widgets plugin <= 1.2.4 - Broken Access Control vulnerability — Masterstudy Elementor WidgetsCWE-862 5.4 Medium2025-10-29
CVE-2025-7438 MasterStudy LMS – Online Courses, eLearning PRO Plus <= 4.7.9 - Authenticated (Subscriber+) Arbitrary File Upload — MasterStudy LMS ProCWE-434 7.5 High2025-07-18
CVE-2025-47586 WordPress Motors - Events plugin <= 1.4.7 - Unauthenticated Local File Inclusion vulnerability — Motors - EventsCWE-98 9.0 Critical2025-06-06
CVE-2025-4800 MasterStudy LMS Pro <= 4.7.0 - Authenticated (Subscriber+) Arbitrary File Upload — MasterStudy LMS ProCWE-434 8.8 High2025-05-28
CVE-2025-4322 Motors <= 5.6.67 - Unauthenticated Privilege Escalation via Password Update/Account Takeover — Motors - Car Dealer, Rental & Listing WordPress themeCWE-620 9.8 Critical2025-05-20
CVE-2024-13738 Motors - Car Dealer, Rental & Listing WordPress theme <= 5.6.65 - Unauthenticated Arbitrary Shortcode Execution — Motors - Car Dealer, Rental & Listing WordPress themeCWE-94 7.3 High2025-05-03
CVE-2025-26986 WordPress Pearl Theme < 3.4.8 - Local File Inclusion vulnerability — Pearl - Corporate BusinessCWE-98 8.1 High2025-03-26
CVE-2024-11939 Cost Calculator Builder PRO <= 3.2.15 - Unauthenticated SQL Injection via data — Cost Calculator Builder PROCWE-89 7.5 High2025-01-08
CVE-2023-40011 WordPress Cost Calculator Builder plugin <= 3.1.42 - Broken Access Control vulnerability — Cost Calculator BuilderCWE-862 5.4 Medium2024-12-13
CVE-2022-43472 WordPress eRoom plugin <= 1.4.6 - Broken Access Control vulnerability — eRoom – Zoom Meetings & WebinarCWE-862 4.3 Medium2024-12-13
CVE-2024-37269 WordPress Masterstudy Elementor Widgets plugin <= 1.2.2 - Unauthenticated Broken Access Control vulnerability — Masterstudy Elementor WidgetsCWE-862 5.3 Medium2024-11-01
CVE-2024-37094 WordPress MasterStudy LMS plugin <= 3.2.12 - Broken Access Control vulnerability — MasterStudy LMSCWE-862 8.2 High2024-11-01
CVE-2024-43990 WordPress Masterstudy LMS Starter theme <= 1.1.8 - Sensitive Data Exposure vulnerability — Masterstudy LMS StarterCWE-532 5.3 Medium2024-09-25
CVE-2024-6010 Cost Calculator Builder PRO <= 3.2.1 - Unauthenticated Price Manipulation — Cost Calculator Builder PROCWE-472 5.3 Medium2024-09-07
CVE-2024-43144 WordPress Cost Calculator Builder plugin <= 3.2.15 - SQL Injection vulnerability — Cost Calculator BuilderCWE-89 9.3 Critical2024-08-29
CVE-2024-37090 SQL Injection vulnerability in multiple StylemixThemes premium themes — Masterstudy Elementor WidgetsCWE-89 8.5 High2024-07-09
CVE-2024-37092 WordPress Consulting Elementor Widgets plugin <= 1.3.0 - Local File Inclusion vulnerability — Consulting Elementor WidgetsCWE-22 8.5 High2024-06-24
CVE-2024-37091 WordPress Consulting Elementor Widgets plugin <= 1.3.0 - Remote Code Execution (RCE) vulnerability — Consulting Elementor WidgetsCWE-77 9.9 Critical2024-06-24
CVE-2024-37089 WordPress Consulting Elementor Widgets plugin <= 1.3.0 - Unauthenticated Local File Inclusion vulnerability — Consulting Elementor WidgetsCWE-22 9.0 Critical2024-06-24
CVE-2024-4787 Cost Calculator Builder PRO <= 3.1.75 - Unauthenticated Arbitrary Email Sending — Cost Calculator Builder PROCWE-20 5.8 Medium2024-06-19

This page lists every published CVE security advisory associated with StylemixThemes. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.