
StylemixThemes — Vulnerabilities & Security Advisories (50)

Browse all 50 CVE security advisories affecting StylemixThemes. AI-powered Chinese analysis, POCs, and references for each vulnerability.

StylemixThemes operates as a prominent developer of WordPress themes and plugins, primarily targeting the e-commerce and lifestyle sectors through its extensive portfolio on marketplaces like ThemeForest. The company’s software has been associated with fifty recorded Common Vulnerabilities and Exposures (CVEs), reflecting significant security challenges in its codebase. Historically, these vulnerabilities frequently manifest as remote code execution, cross-site scripting, and privilege escalation flaws, often stemming from insufficient input validation and improper access controls within plugin architectures. While no single catastrophic data breach has been publicly attributed solely to StylemixThemes, the high volume of CVEs indicates systemic issues in their development and patching processes. Users are advised to exercise caution, ensuring all components are updated to mitigate risks associated with these known exploitation vectors.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2024-35677 | WordPress MegaMenu plugin <= 2.3.12 - Unauthenticated Local File Inclusion vulnerability | MegaMenu | CWE-22 | 9.0 | Critical | 2024-06-10 |
| CVE-2024-4789 | Cost Calculator Builder Pro <= 3.1.72 - Authenticated (Subscriber+) Server-Side Request Forgery | Cost Calculator Builder PRO | CWE-918 | 6.4 | Medium | 2024-05-17 |
| CVE-2023-37385 | WordPress Consulting theme <= 6.5.6 - Local File Inclusion | Consulting | CWE-22 | 7.3 | High | 2024-05-17 |
| CVE-2024-4097 | Cost Calculator Builder Pro <= 3.1.67 - Unauthenticated Cross-Site Scripting via SVG Upload | Cost Calculator Builder PRO | CWE-79 | 7.2 | High | 2024-05-02 |
| CVE-2023-50852 | WordPress BookIt Plugin <= 2.4.3 is vulnerable to SQL Injection | Booking Calendar \| Appointment Booking \| BookIt | CWE-89 | 7.6 | High | 2023-12-28 |
| CVE-2023-46207 | WordPress Motors – Car Dealer & Classified Ads Plugin <= 1.4.6 is vulnerable to Server Side Request Forgery (SSRF) | Motors – Car Dealer, Classifieds & Listing | CWE-918 | 4.1 | Medium | 2023-11-13 |
| CVE-2023-46208 | WordPress Motors – Car Dealer & Classified Ads Plugin <= 1.4.6 is vulnerable to Cross Site Scripting (XSS) | Motors – Car Dealer, Classifieds & Listing | CWE-79 | 7.1 | High | 2023-10-27 |
| CVE-2023-35093 | WordPress MasterStudy LMS Plugin <= 3.0.8 is vulnerable to Broken Access Control | MasterStudy LMS WordPress Plugin – for Online Courses and Education | CWE-862 | 6.5 | Medium | 2023-06-22 |
| CVE-2023-35090 | WordPress MasterStudy LMS Plugin <= 3.0.8 is vulnerable to Cross Site Scripting (XSS) | MasterStudy LMS WordPress Plugin – for Online Courses and Education | CWE-79 | 6.5 | Medium | 2023-06-22 |
| CVE-2022-45815 | WordPress GDPR Compliance & Cookie Consent Plugin <= 1.2 is vulnerable to Cross Site Request Forgery (CSRF) | GDPR Compliance & Cookie Consent | CWE-352 | 4.3 | Medium | 2023-05-25 |
| CVE-2022-38716 | WordPress Motors – Car Dealer & Classified Ads Plugin <= 1.4.4 is vulnerable to Cross Site Request Forgery (CSRF) | Motors – Car Dealer, Classifieds & Listing | CWE-352 | 5.4 | Medium | 2023-05-25 |
| CVE-2022-38356 | WordPress Pearl Plugin <= 1.3.4 is vulnerable to Cross Site Request Forgery (CSRF) | WordPress Header Builder Plugin – Pearl | CWE-352 | 5.4 | Medium | 2023-05-25 |
| CVE-2022-25614 | WordPress eRoom plugin <= 1.3.7 - Cross-Site Request Forgery (CSRF) leading to Sync with Zoom Meetings vulnerability | eRoom – Zoom Meetings & Webinar (WordPress plugin) | CWE-352 | 4.3 | Medium | 2022-04-11 |
| CVE-2022-25615 | WordPress eRoom plugin <= 1.3.8 - Cross-Site Request Forgery (CSRF) vulnerability leading to Cache Deletion | eRoom – Zoom Meetings & Webinar (WordPress plugin) | CWE-352 | 4.3 | Medium | 2022-04-11 |
| CVE-2021-36880 | WordPress uListing plugin <= 2.0.3 - Unauthenticated SQL Injection (SQLi) vulnerability | uListing (WordPress plugin) | CWE-89 | 8.6 | High | 2021-09-27 |
| CVE-2021-36874 | WordPress uListing plugin <= 2.0.5 - Authenticated Insecure Direct Object References (IDOR) vulnerability | uListing (WordPress plugin) | | 7.1 | High | 2021-09-27 |
| CVE-2021-36877 | WordPress uListing plugin <= 2.0.5 - Modify User Roles via Cross-Site Request Forgery (CSRF) vulnerability | uListing (WordPress plugin) | CWE-352 | 4.3 | Medium | 2021-09-27 |
| CVE-2021-36876 | WordPress uListing plugin <= 2.0.5 - Multiple Cross-Site Request Forgery (CSRF) vulnerabilities | uListing (WordPress plugin) | CWE-352 | 5.4 | Medium | 2021-09-27 |
| CVE-2021-36879 | WordPress uListing plugin <= 2.0.5 - Unauthenticated Privilege Escalation vulnerability | uListing (WordPress plugin) | CWE-264 | 9.8 | Critical | 2021-09-27 |
| CVE-2021-36878 | WordPress uListing plugin <= 2.0.5 - Settings Update via Cross-Site Request Forgery (CSRF) vulnerability | uListing (WordPress plugin) | CWE-352 | 4.3 | Medium | 2021-09-27 |

This page lists every published CVE security advisory associated with StylemixThemes. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.