Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

stylemix — Vulnerabilities & Security Advisories 66

Browse all 66 CVE security advisories affecting stylemix. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Stylemix operates as a digital asset management and theme development platform, primarily serving web designers and content creators who require robust tools for managing media libraries and deploying WordPress themes. Security audits reveal a concerning history of vulnerabilities, with sixty-three Common Vulnerabilities and Exposures (CVEs) currently documented. These flaws predominantly involve cross-site scripting (XSS) and remote code execution (RCE), often stemming from insufficient input validation and improper access controls. Privilege escalation remains a significant risk, allowing unauthorized users to manipulate system functions or access restricted data. While specific major incidents involving widespread exploitation are not widely publicized, the high volume of disclosed CVEs indicates persistent weaknesses in the software’s security architecture. Developers and administrators are advised to prioritize immediate patching and rigorous security testing to mitigate these known risks and protect associated web infrastructure from potential compromise.

Found 9 results / 66Clear Filters
Top products by stylemix: Directory Listings WordPress plugin – uListing Cost Calculator Builder MasterStudy LMS WordPress Plugin – for Online Courses and Education Motors – Car Dealership & Classified Listings Plugin MasterStudy LMS uListing Motors Pearl – Header Builder Pearl
CVE IDTitleCVSSSeverityPublished
CVE-2026-3892 Motors – Car Dealer, Classifieds & Listing <= 1.4.107 - Authenticated (Subscriber+) Arbitrary File Deletion via 'stm_dealer_logo_path' Parameter — Motors – Car Dealership & Classified Listings PluginCWE-73 8.1 High2026-05-14
CVE-2026-1934 Motors – Car Dealership & Classified Listings Plugin <= 1.4.103 - Missing Authorization to Authenticated (Subscriber+) Payment Bypass via 'stm_payment_status' Parameter — Motors – Car Dealership & Classified Listings PluginCWE-862 4.3 Medium2026-05-12
CVE-2025-10494 Motors – Car Dealership & Classified Listings Plugin <= 1.4.89 - Authenticated (Subscriber+) Arbitrary File Deletion — Motors – Car Dealership & Classified Listings PluginCWE-73 8.1 High2025-10-08
CVE-2025-3437 Motors – Car Dealership & Classified Listings Plugin <= 1.4.66 - Missing Authorization to Authenticated (Subscriber+) Wizard Set-up — Motors – Car Dealership & Classified Listings PluginCWE-862 4.3 Medium2025-04-08
CVE-2025-2808 Motors – Car Dealership & Classified Listings Plugin <= 1.4.63 - Authenticated (Subscriber+) Stored Cross-Site Scripting — Motors – Car Dealership & Classified Listings PluginCWE-79 5.4 Medium2025-04-08
CVE-2025-2807 Motors – Car Dealership & Classified Listings Plugin <= 1.4.64 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Installation — Motors – Car Dealership & Classified Listings PluginCWE-862 8.8 High2025-04-08
CVE-2024-13737 Motors – Car Dealer, Classifieds & Listing <= 1.4.57 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Deletion and Listing Template Creation — Motors – Car Dealership & Classified Listings PluginCWE-862 4.3 Medium2025-03-22
CVE-2024-10970 Motors – Car Dealer, Classifieds & Listing <= 1.4.43 - Authenticated (Subscriber+) Arbitrary Shortcode Execution via Custom Title — Motors – Car Dealership & Classified Listings PluginCWE-94 5.4 Medium2025-01-16
CVE-2024-5545 Motors – Car Dealer, Classifieds & Listing <= 1.4.9 - Missing Authorization — Motors – Car Dealership & Classified Listings PluginCWE-862 5.3 Medium2024-07-02

This page lists every published CVE security advisory associated with stylemix. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.