stylemix — Vulnerabilities & Security Advisories (63)

Browse all 63 CVE security advisories affecting stylemix. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Stylemix operates as a digital asset management and theme development platform, primarily serving web designers and content creators who require robust tools for managing media libraries and deploying WordPress themes. Security audits reveal a concerning history of vulnerabilities, with sixty-three Common Vulnerabilities and Exposures (CVEs) currently documented. These flaws predominantly involve cross-site scripting (XSS) and remote code execution (RCE), often stemming from insufficient input validation and improper access controls. Privilege escalation remains a significant risk, allowing unauthorized users to manipulate system functions or access restricted data. While specific major incidents involving widespread exploitation are not widely publicized, the high volume of disclosed CVEs indicates persistent weaknesses in the software’s security architecture. Developers and administrators are advised to prioritize immediate patching and rigorous security testing to mitigate these known risks and protect associated web infrastructure from potential compromise.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-31880 | WordPress Pearl plugin <= 1.3.9 - Cross Site Request Forgery (CSRF) vulnerability — Pearl (CWE-352) | 4.3 | Medium | 2025-04-01 |
| CVE-2025-31414 | WordPress Cost Calculator Builder plugin <= 3.2.65 - Cross Site Scripting (XSS) vulnerability — Cost Calculator Builder (CWE-79) | 6.5 | Medium | 2025-03-31 |
| CVE-2024-13737 | Motors – Car Dealer, Classifieds & Listing <= 1.4.57 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Deletion and Listing Template Creation — Motors – Car Dealership & Classified Listings Plugin (CWE-862) | 4.3 | Medium | 2025-03-22 |
| CVE-2025-1653 | Directory Listings WordPress plugin – uListing <= 2.2.0 - Authenticated (Subscriber+) Privilege Escalation — Directory Listings WordPress plugin – uListing (CWE-266) | 8.8 | High | 2025-03-15 |
| CVE-2025-1657 | Directory Listings WordPress plugin – uListing <= 2.2.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Meta Update and PHP Object Injection — Directory Listings WordPress plugin – uListing (CWE-862) | 8.8 | High | 2025-03-15 |
| CVE-2025-25150 | WordPress uListing plugin <= 2.1.6 - SQL Injection vulnerability — uListing (CWE-89) | 9.3 | Critical | 2025-03-03 |
| CVE-2025-25151 | WordPress uListing Plugin <= 2.1.6 - SQL Injection vulnerability — uListing (CWE-89) | 8.5 | High | 2025-02-07 |
| CVE-2024-10970 | Motors – Car Dealer, Classifieds & Listing <= 1.4.43 - Authenticated (Subscriber+) Arbitrary Shortcode Execution via Custom Title — Motors – Car Dealership & Classified Listings Plugin (CWE-94) | 5.4 | Medium | 2025-01-16 |
| CVE-2024-12206 | Wordpress Header Builder Plugin <= 1.3.8 - Cross-Site Request Forgery to Header Deletion — Pearl – Header Builder (CWE-352) | 4.3 | Medium | 2025-01-09 |
| CVE-2024-37093 | WordPress MasterStudy LMS plugin <= 3.2.1 - Cross Site Request Forgery (CSRF) vulnerability — MasterStudy LMS (CWE-352) | 4.3 | Medium | 2025-01-02 |
| CVE-2024-47344 | WordPress uListing plugin <= 2.1.5 - Sensitive Data Exposure vulnerability — uListing (CWE-200) | 5.3 | Medium | 2024-10-07 |
| CVE-2024-6011 | Cost Calculator Builder <= 3.2.12 - Authenticated (Administrator+) Stored Cross-Site Scripting — Cost Calculator Builder (CWE-79) | 4.4 | Medium | 2024-07-02 |
| CVE-2024-6012 | Cost Calculator Builder <= 3.2.12 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Content Creation — Cost Calculator Builder (CWE-862) | 4.3 | Medium | 2024-07-02 |
| CVE-2024-5545 | Motors – Car Dealer, Classifieds & Listing <= 1.4.9 - Missing Authorization — Motors – Car Dealership & Classified Listings Plugin (CWE-862) | 5.3 | Medium | 2024-07-02 |
| CVE-2024-5468 | WordPress Header Builder Plugin – Pearl <= 1.3.7 - Missing Authorization to Unauthenticated Arbitrary Site Options Deletion — Pearl – Header Builder (CWE-862) | 6.5 | Medium | 2024-06-12 |
| CVE-2024-4000 | WordPress Header Builder Plugin – Pearl <= 1.3.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode — Pearl – Header Builder (CWE-79) | 6.4 | Medium | 2024-05-02 |
| CVE-2024-3942 | MasterStudy LMS WordPress Plugin – for Online Courses and Education <= 3.3.8 - Missing Authorization — MasterStudy LMS WordPress Plugin – for Online Courses and Education (CWE-862) | 6.3 | Medium | 2024-05-02 |
| CVE-2024-3136 | MasterStudy LMS <= 3.3.3 - Unauthenticated Local File Inclusion via template — MasterStudy LMS WordPress Plugin – for Online Courses and Education (CWE-98) | 9.8 | Critical | 2024-04-09 |
| CVE-2024-1904 | MasterStudy LMS <= 3.2.13 - Missing Authorization to Sensitive Information Exposure in search_posts — MasterStudy LMS WordPress Plugin – for Online Courses and Education (CWE-862) | 4.3 | Medium | 2024-04-09 |
| CVE-2024-2411 | MasterStudy LMS <= 3.3.0 - Unauthenticated Local File Inclusion via modal — MasterStudy LMS WordPress Plugin – for Online Courses and Education (CWE-98) | 9.8 | Critical | 2024-03-29 |
| CVE-2024-2409 | MasterStudy LMS <= 3.3.1 - Unauthenticated Privilege Escalation via stm_lms_register AJAX Action — MasterStudy LMS WordPress Plugin – for Online Courses and Education (CWE-266) | 9.8 | Critical | 2024-03-29 |
| CVE-2024-2106 | MasterStudy LMS WordPress Plugin – for Online Courses and Education <= 3.2.10 - Basic Information Exposure via REST route — MasterStudy LMS WordPress Plugin – for Online Courses and Education (CWE-200) | 5.3 | Medium | 2024-03-13 |
| CVE-2024-1512 | MasterStudy LMS WordPress Plugin – for Online Courses and Education <= 3.2.5 - Unauthenticated SQL Injection — MasterStudy LMS WordPress Plugin – for Online Courses and Education (CWE-89) | 9.8 | Critical | 2024-02-17 |
| CVE-2021-4381 | uListing <= 1.6.6 - Unauthenticated Options Changes via wp_route — Directory Listings WordPress plugin – uListing (CWE-862) | 9.8 | Critical | 2023-06-07 |
| CVE-2021-4370 | uListing <= 1.6.6 - Missing Authorization — Directory Listings WordPress plugin – uListing (CWE-862) | 9.8 | Critical | 2023-06-07 |
| CVE-2021-4357 | uListing <= 1.6.6 - Unauthenticated Arbitrary Post/Page Deletion — Directory Listings WordPress plugin – uListing (CWE-862) | 9.1 | Critical | 2023-06-07 |
| CVE-2021-4345 | uListing <= 1.6.6 - Unauthenticated Arbitrary Roles and Capabilities Creation/Deletion — Directory Listings WordPress plugin – uListing (CWE-862) | 6.5 | Medium | 2023-06-07 |
| CVE-2021-4346 | uListing <= 1.6.6 - Unauthenticated Arbitrary Account Changes — Directory Listings WordPress plugin – uListing (CWE-862) | 9.8 | Critical | 2023-06-07 |
| CVE-2021-4343 | uListing <= 1.6.6 - Unauthenticated Arbitrary Account Creation — Directory Listings WordPress plugin – uListing (CWE-862) | 9.8 | Critical | 2023-06-07 |
| CVE-2021-4341 | uListing <= 1.6.6 - Unauthenticated Wordpress Options Changes via AJAX — Directory Listings WordPress plugin – uListing (CWE-862) | 9.8 | Critical | 2023-06-07 |

This page lists every published CVE security advisory associated with stylemix. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.