stylemix — Vulnerabilities & Security Advisories 63

Browse all 63 CVE security advisories affecting stylemix. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Stylemix operates as a digital asset management and theme development platform, primarily serving web designers and content creators who require robust tools for managing media libraries and deploying WordPress themes. Security audits reveal a concerning history of vulnerabilities, with sixty-three Common Vulnerabilities and Exposures (CVEs) currently documented. These flaws predominantly involve cross-site scripting (XSS) and remote code execution (RCE), often stemming from insufficient input validation and improper access controls. Privilege escalation remains a significant risk, allowing unauthorized users to manipulate system functions or access restricted data. While specific major incidents involving widespread exploitation are not widely publicized, the high volume of disclosed CVEs indicates persistent weaknesses in the software’s security architecture. Developers and administrators are advised to prioritize immediate patching and rigorous security testing to mitigate these known risks and protect associated web infrastructure from potential compromise.

| CVE ID | Title | CVSS | Severity | Published |
| --- | --- | --- | --- | --- |
| CVE-2026-4817 | MasterStudy LMS <= 3.7.25 - Authenticated (Subscriber+) Time-based Blind SQL Injection via 'order' and 'orderby' Parameters — MasterStudy LMS WordPress Plugin – for Online Courses and Education (CWE-89) | 6.5 | Medium | 2026-04-17 |
| CVE-2026-28078 | WordPress uListing plugin <= 2.2.0 - Arbitrary File Download vulnerability — uListing (CWE-22) | 4.9 | Medium | 2026-03-05 |
| CVE-2026-28138 | WordPress uListing plugin <= 2.2.0 - PHP Object Injection vulnerability — uListing (CWE-502) | 7.2 | High | 2026-02-26 |
| CVE-2026-0559 | MasterStudy LMS WordPress Plugin – for Online Courses and Education <= 3.7.11 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'stm_lms_courses_grid_display' Shortcode — MasterStudy LMS WordPress Plugin – for Online Courses and Education (CWE-79) | 6.4 | Medium | 2026-02-14 |
| CVE-2025-14757 | Cost Calculator Builder <= 3.6.9 - Missing Authorization to Unauthenticated Payment Status Bypass — Cost Calculator Builder (CWE-862) | 5.3 | Medium | 2026-01-16 |
| CVE-2025-13766 | MasterStudy LMS WordPress Plugin – for Online Courses and Education <= 3.7.6 Missing Authorization to Authenticated (Subscriber+) Posts and Media Creation, Modification and Deletion — MasterStudy LMS WordPress Plugin – for Online Courses and Education (CWE-862) | 5.4 | Medium | 2026-01-06 |
| CVE-2025-12529 | Cost Calculator Builder <= 3.6.3 - Unauthenticated Arbitrary File Deletion — Cost Calculator Builder (CWE-73) | 8.8 | High | 2025-12-02 |
| CVE-2025-62049 | WordPress Cost Calculator Builder plugin <= 3.5.32 - Broken Access Control vulnerability — Cost Calculator Builder (CWE-862) | 6.5 | Medium | 2025-11-06 |
| CVE-2025-64366 | WordPress MasterStudy LMS plugin <= 3.6.27 - SQL Injection vulnerability — MasterStudy LMS (CWE-89) | 7.6 | High | 2025-10-31 |
| CVE-2025-59575 | WordPress MasterStudy LMS plugin <= 3.6.20 - Sensitive Data Exposure vulnerability — MasterStudy LMS (CWE-497) | 4.9 | Medium | 2025-10-22 |
| CVE-2025-10494 | Motors – Car Dealership & Classified Listings Plugin <= 1.4.89 - Authenticated (Subscriber+) Arbitrary File Deletion — Motors – Car Dealership & Classified Listings Plugin (CWE-73) | 8.1 | High | 2025-10-08 |
| CVE-2025-9243 | Cost Calculator Builder <= 3.5.32 - Authenticated (Subscriber+) Missing Authorization via get_cc_orders/update_order_status Functions — Cost Calculator Builder (CWE-862) | 8.1 | High | 2025-10-04 |
| CVE-2025-59576 | WordPress MasterStudy LMS Plugin <= 3.6.20 - Broken Access Control Vulnerability — MasterStudy LMS (CWE-862) | 6.5 | Medium | 2025-09-22 |
| CVE-2025-59577 | WordPress MasterStudy LMS Plugin <= 3.6.20 - Race Condition Vulnerability — MasterStudy LMS (CWE-362) | 4.3 | Medium | 2025-09-22 |
| CVE-2025-54744 | WordPress MasterStudy LMS plugin <= 3.6.15 - Broken Access Control vulnerability — MasterStudy LMS (CWE-862) | 6.5 | Medium | 2025-09-05 |
| CVE-2025-54691 | WordPress Motors Plugin plugin <= 1.4.80 - Insecure Direct Object References (IDOR) Vulnerability — Motors (CWE-639) | 5.3 | Medium | 2025-08-14 |
| CVE-2025-48277 | WordPress Cost Calculator Builder plugin <= 3.2.74 - Cross Site Scripting (XSS) Vulnerability — Cost Calculator Builder (CWE-79) | 5.9 | Medium | 2025-05-19 |
| CVE-2025-32662 | WordPress uListing plugin <= 2.2.0 - Deserialization of untrusted data vulnerability — uListing (CWE-502) | 8.8 | High | 2025-04-17 |
| CVE-2025-39587 | WordPress Cost Calculator Builder plugin <= 3.2.65 - SQL Injection Vulnerability — Cost Calculator Builder (CWE-89) | 9.3 | Critical | 2025-04-17 |
| CVE-2025-2128 | Cost Calculator Builder <= 3.2.67 - Authenticated (Subscriber+) SQL Injection via order_ids Parameter — Cost Calculator Builder (CWE-89) | 6.5 | Medium | 2025-04-11 |
| CVE-2025-32654 | WordPress Motors plugin <= 1.4.71 - Local File Inclusion vulnerability — Motors (CWE-98) | 8.1 | High | 2025-04-11 |
| CVE-2025-3437 | Motors – Car Dealership & Classified Listings Plugin <= 1.4.66 - Missing Authorization to Authenticated (Subscriber+) Wizard Set-up — Motors – Car Dealership & Classified Listings Plugin (CWE-862) | 4.3 | Medium | 2025-04-08 |
| CVE-2025-2808 | Motors – Car Dealership & Classified Listings Plugin <= 1.4.63 - Authenticated (Subscriber+) Stored Cross-Site Scripting — Motors – Car Dealership & Classified Listings Plugin (CWE-79) | 5.4 | Medium | 2025-04-08 |
| CVE-2025-2807 | Motors – Car Dealership & Classified Listings Plugin <= 1.4.64 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Installation — Motors – Car Dealership & Classified Listings Plugin (CWE-862) | 8.8 | High | 2025-04-08 |
| CVE-2025-32237 | WordPress MasterStudy LMS plugin <= 3.5.28 - Broken Access Control vulnerability — MasterStudy LMS (CWE-862) | 4.3 | Medium | 2025-04-04 |
| CVE-2025-32170 | WordPress Motors plugin <= 1.4.71 - Cross Site Scripting (XSS) vulnerability — Motors (CWE-79) | 6.5 | Medium | 2025-04-04 |
| CVE-2025-32142 | WordPress Motors plugin <= 1.4.71 - Local File Inclusion vulnerability — Motors (CWE-98) | 8.8 | High | 2025-04-04 |
| CVE-2025-32141 | WordPress MasterStudy LMS plugin <= 3.5.28 - Local File Inclusion vulnerability — MasterStudy LMS (CWE-98) | 8.8 | High | 2025-04-04 |
| CVE-2025-32122 | WordPress uListing plugin <= 2.2.0 - SQL Injection vulnerability — uListing (CWE-89) | 7.6 | High | 2025-04-04 |
| CVE-2025-31880 | WordPress Pearl plugin <= 1.3.9 - Cross Site Request Forgery (CSRF) vulnerability — Pearl (CWE-352) | 4.3 | Medium | 2025-04-01 |

This page lists every published CVE security advisory associated with stylemix. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.