Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

stylemix — Vulnerabilities & Security Advisories 66

Browse all 66 CVE security advisories affecting stylemix. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Stylemix operates as a digital asset management and theme development platform, primarily serving web designers and content creators who require robust tools for managing media libraries and deploying WordPress themes. Security audits reveal a concerning history of vulnerabilities, with sixty-three Common Vulnerabilities and Exposures (CVEs) currently documented. These flaws predominantly involve cross-site scripting (XSS) and remote code execution (RCE), often stemming from insufficient input validation and improper access controls. Privilege escalation remains a significant risk, allowing unauthorized users to manipulate system functions or access restricted data. While specific major incidents involving widespread exploitation are not widely publicized, the high volume of disclosed CVEs indicates persistent weaknesses in the software’s security architecture. Developers and administrators are advised to prioritize immediate patching and rigorous security testing to mitigate these known risks and protect associated web infrastructure from potential compromise.

Found 10 results / 66Clear Filters
Top products by stylemix: Directory Listings WordPress plugin – uListing Cost Calculator Builder MasterStudy LMS WordPress Plugin – for Online Courses and Education Motors – Car Dealership & Classified Listings Plugin MasterStudy LMS uListing Motors Pearl – Header Builder Pearl
CVE IDTitleCVSSSeverityPublished
CVE-2026-4817 MasterStudy LMS <= 3.7.25 - Authenticated (Subscriber+) Time-based Blind SQL Injection via 'order' and 'orderby' Parameters — MasterStudy LMS WordPress Plugin – for Online Courses and EducationCWE-89 6.5 Medium2026-04-17
CVE-2026-0559 MasterStudy LMS WordPress Plugin – for Online Courses and Education <= 3.7.11 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'stm_lms_courses_grid_display' Shortcode — MasterStudy LMS WordPress Plugin – for Online Courses and EducationCWE-79 6.4 Medium2026-02-14
CVE-2025-13766 MasterStudy LMS WordPress Plugin – for Online Courses and Education <= 3.7.6 Missing Authorization to Authenticated (Subscriber+) Posts and Media Creation, Modification and Deletion — MasterStudy LMS WordPress Plugin – for Online Courses and EducationCWE-862 5.4 Medium2026-01-06
CVE-2024-3942 MasterStudy LMS WordPress Plugin – for Online Courses and Education <= 3.3.8 - Missing Authorization — MasterStudy LMS WordPress Plugin – for Online Courses and EducationCWE-862 6.3 Medium2024-05-02
CVE-2024-3136 MasterStudy LMS <= 3.3.3 - Unauthenticated Local File Inclusion via template — MasterStudy LMS WordPress Plugin – for Online Courses and EducationCWE-98 9.8 Critical2024-04-09
CVE-2024-1904 MasterStudy LMS <= 3.2.13 - Missing Authorization to Sensitive Information Exposure in search_posts — MasterStudy LMS WordPress Plugin – for Online Courses and EducationCWE-862 4.3 Medium2024-04-09
CVE-2024-2409 MasterStudy LMS <= 3.3.1 - Unauthenticated Privilege Escalation via stm_lms_register AJAX Action — MasterStudy LMS WordPress Plugin – for Online Courses and EducationCWE-266 9.8 Critical2024-03-29
CVE-2024-2411 MasterStudy LMS <= 3.3.0 - Unauthenticated Local File Inclusion via modal — MasterStudy LMS WordPress Plugin – for Online Courses and EducationCWE-98 9.8 Critical2024-03-29
CVE-2024-2106 MasterStudy LMS WordPress Plugin – for Online Courses and Education <= 3.2.10 - Basic Information Exposure via REST route — MasterStudy LMS WordPress Plugin – for Online Courses and EducationCWE-200 5.3 Medium2024-03-13
CVE-2024-1512 MasterStudy LMS WordPress Plugin – for Online Courses and Education <= 3.2.5 - Unauthenticated SQL Injection — MasterStudy LMS WordPress Plugin – for Online Courses and EducationCWE-89 9.8 Critical2024-02-17

This page lists every published CVE security advisory associated with stylemix. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.