
CVE-2025-4800 – MasterStudy LMS Pro <= 4.7.0 - Authenticated (Subscriber+) Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2025-4800
27 May 2025 — The MasterStudy LMS Pro plugin for WordPress is vulnerable to arbitrary file uploads due to a missing file type validation in the stm_lms_add_assignment_attachment function in all versions up to, and including, 4.7.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server, which may make remote code execution possible. • https://docs.stylemixthemes.com/masterstudy-lms/changelog-pro-version • CWE-434: Unrestricted Upload of File with Dangerous Type •
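
The missing file type validation described above, shown as an added example (this is illustrative PHP, not MasterStudy LMS code): an admin-ajax upload handler that keeps whatever the client sends, beside a hardened version that allowlists types, lets WordPress sniff the content, and checks that the caller may edit the assignment. The action names, the nonce name and the assignment_id parameter are assumptions.

```php
<?php
// Added illustration, not the plugin's code. Hook, nonce and parameter names
// (demo_add_attachment, demo_attachment_nonce, assignment_id) are hypothetical.

// --- Vulnerable pattern (CWE-434) ---------------------------------------
// wp_ajax_ only requires a session, so any Subscriber reaches this. The file
// keeps its original name and nothing looks at its type, so shell.php lands
// in a web-served directory.
add_action( 'wp_ajax_demo_add_attachment_vuln', function () {
    $dir  = wp_upload_dir();
    $dest = $dir['path'] . '/' . $_FILES['file']['name'];
    move_uploaded_file( $_FILES['file']['tmp_name'], $dest );
    wp_send_json_success( array( 'url' => $dir['url'] . '/' . basename( $dest ) ) );
} );

// --- Hardened version ---------------------------------------------------
add_action( 'wp_ajax_demo_add_attachment', function () {
    check_ajax_referer( 'demo_attachment_nonce', 'nonce' );

    // Authorisation: the attachment goes on an assignment the caller may edit.
    $assignment_id = absint( $_POST['assignment_id'] ?? 0 );
    if ( ! current_user_can( 'edit_post', $assignment_id ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }
    if ( empty( $_FILES['file'] ) || ! is_uploaded_file( $_FILES['file']['tmp_name'] ) ) {
        wp_send_json_error( 'no file', 400 );
    }

    // Allowlist of what an assignment attachment may be. The allowed set is
    // never derived from the client-supplied MIME type or extension.
    $allowed = array(
        'pdf'      => 'application/pdf',
        'jpg|jpeg' => 'image/jpeg',
        'png'      => 'image/png',
        'txt'      => 'text/plain',
    );

    $file = $_FILES['file'];
    $name = sanitize_file_name( $file['name'] );

    // Core checks extension and sniffed content against the allowlist and
    // returns a corrected name when the two disagree (e.g. x.php.jpg with PNG bytes).
    $check = wp_check_filetype_and_ext( $file['tmp_name'], $name, $allowed );
    if ( empty( $check['ext'] ) || empty( $check['type'] ) ) {
        wp_send_json_error( 'file type not allowed', 415 );
    }
    $file['name'] = ! empty( $check['proper_filename'] ) ? $check['proper_filename'] : $name;

    // wp_handle_upload re-validates against 'mimes', picks a unique name and
    // moves the file into the uploads tree.
    $result = wp_handle_upload( $file, array(
        'test_form' => false,
        'mimes'     => $allowed,
    ) );
    if ( isset( $result['error'] ) ) {
        wp_send_json_error( $result['error'], 400 );
    }
    wp_send_json_success( array( 'url' => $result['url'], 'type' => $result['type'] ) );
} );
```

Even with the allowlist in place, serving the uploads directory with script execution disabled (a web server rule, not plugin code) is the usual second layer, because a future allowlist mistake then cannot turn an upload into code execution.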

CVE-2025-4322 – Motors <= 5.6.67 - Unauthenticated Privilege Escalation via Password Update/Account Takeover
https://notcve.org/view.php?id=CVE-2025-4322
19 May 2025 — The Motors theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 5.6.67. This is due to the theme not properly validating a user's identity prior to updating their password. This makes it possible for unauthenticated attackers to change arbitrary user passwords, including those of administrators, and leverage that to gain access to their account. WordPress Motors theme versions 5.6.67 and below suffer from a privilege escalation vulnerability th... • https://packetstorm.news/files/id/194812 • CWE-620: Unverified Password Change •
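
The unverified password change described above, as an added example (illustrative PHP, not the Motors theme's code): a front-end handler that lets the request name whose password changes, beside two hardened flows, one for a logged-in user changing their own password and one for a reset bound to a key sent by e-mail. Action, nonce and field names are assumptions.

```php
<?php
// Added illustration, not the theme's code. Hook and field names are hypothetical.

// --- Vulnerable pattern (CWE-620) ---------------------------------------
// Registered on wp_ajax_nopriv_, so no session is needed, and the target
// account comes from the request. Posting user_login=admin takes over the site.
add_action( 'wp_ajax_nopriv_demo_update_password_vuln', function () {
    $user = get_user_by( 'login', $_POST['user_login'] );
    if ( $user ) {
        wp_set_password( $_POST['new_password'], $user->ID );
    }
    wp_send_json_success();
} );

// --- Hardened 1: a logged-in user changes only their own password ---------
add_action( 'wp_ajax_demo_update_password', function () {   // no nopriv variant
    check_ajax_referer( 'demo_update_password', 'nonce' );

    $user = wp_get_current_user();       // identity comes from the session, not the request
    if ( ! $user->exists() ) {
        wp_send_json_error( 'login required', 401 );
    }

    $current = (string) ( $_POST['current_password'] ?? '' );
    $new     = (string) ( $_POST['new_password'] ?? '' );

    // Re-authenticate before a sensitive change: this is the "validate the
    // user's identity" step the advisory says was missing.
    if ( ! wp_check_password( $current, $user->user_pass, $user->ID ) ) {
        wp_send_json_error( 'current password incorrect', 403 );
    }
    if ( strlen( $new ) < 12 ) {
        wp_send_json_error( 'password too short', 400 );
    }
    wp_set_password( $new, $user->ID );
    wp_send_json_success();
} );

// --- Hardened 2: unauthenticated reset, bound to a key the user received ---
add_action( 'wp_ajax_nopriv_demo_reset_password', function () {
    $login = sanitize_user( wp_unslash( $_POST['user_login'] ?? '' ) );
    $key   = (string) ( $_POST['key'] ?? '' );

    // Core validates the key against the stored, expiring activation key for
    // that login; anything else yields WP_Error.
    $user = check_password_reset_key( $key, $login );
    if ( is_wp_error( $user ) ) {
        wp_send_json_error( 'invalid or expired reset key', 403 );
    }
    $new = (string) ( $_POST['new_password'] ?? '' );
    if ( strlen( $new ) < 12 ) {
        wp_send_json_error( 'password too short', 400 );
    }
    reset_password( $user, $new );   // core helper: sets the password and fires password_reset
    wp_send_json_success();
} );
```

The rule of thumb for any "update password" endpoint: the account being changed is identified by something the caller has already proven (an active session plus the current password, or a reset key that was mailed to the account), never by a login name or user ID in the request.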

CVE-2024-13738 – Motors - Car Dealer, Rental & Listing WordPress theme <= 5.6.65 - Unauthenticated Arbitrary Shortcode Execution
https://notcve.org/view.php?id=CVE-2024-13738
02 May 2025 — The Motors - Car Dealer, Rental & Listing theme for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 5.6.65. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes. *It is unclear exactly which version the issue was patched in from the changelog. Therefore, we used the latest versio... • https://stylemixthemes.com/motors • CWE-94: Improper Control of Generation of Code ('Code Injection') •
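
The do_shortcode pattern described above, as an added example (illustrative PHP, not the Motors theme's code): a public AJAX action that turns a request value into shortcode markup, beside a version that only renders tags from a fixed allowlist and builds the attribute string server-side. The action names, the allowlisted tags and the per_page/order attributes are assumptions.

```php
<?php
// Added illustration, not the theme's code. Hook names, tag names and
// attributes are hypothetical.

// --- Vulnerable pattern (CWE-94) ----------------------------------------
// Anything in $_POST['shortcode'] becomes shortcode markup, so an
// unauthenticated caller can invoke any shortcode registered by any active
// plugin or theme, including ones that expose private data or have side effects.
add_action( 'wp_ajax_nopriv_demo_render_vuln', function () {
    echo do_shortcode( '[' . wp_unslash( $_POST['shortcode'] ) . ']' );
    wp_die();
} );

// --- Hardened version ----------------------------------------------------
// The request picks one of a fixed set of tags and a few typed attributes;
// the shortcode string is assembled from those values only.
const DEMO_RENDERABLE = array( 'demo_listings', 'demo_search_form' );

function demo_build_shortcode( $tag, array $atts ) {
    if ( ! in_array( $tag, DEMO_RENDERABLE, true ) || ! shortcode_exists( $tag ) ) {
        return '';
    }
    $out = '';
    foreach ( $atts as $k => $v ) {
        $out .= sprintf( ' %s="%s"', sanitize_key( $k ), esc_attr( $v ) );
    }
    return '[' . $tag . $out . ']';
}

add_action( 'wp_ajax_nopriv_demo_render', 'demo_render_handler' );
add_action( 'wp_ajax_demo_render', 'demo_render_handler' );
function demo_render_handler() {
    $tag  = sanitize_key( $_POST['shortcode'] ?? '' );
    // Attributes are coerced to the types and ranges the tag expects.
    $atts = array(
        'per_page' => min( 50, absint( $_POST['per_page'] ?? 10 ) ),
        'order'    => ( 'asc' === ( $_POST['order'] ?? '' ) ) ? 'asc' : 'desc',
    );
    $sc = demo_build_shortcode( $tag, $atts );
    if ( '' === $sc ) {
        wp_send_json_error( 'shortcode not allowed', 400 );
    }
    wp_send_json_success( array( 'html' => do_shortcode( $sc ) ) );
}
```

Keeping the nopriv registration is deliberate here: rendering a public listing for a visitor is a legitimate use, and the fix is to constrain which tags and attributes the visitor can select, not to require a login. Allowlisting by tag also protects against shortcodes that other plugins register later.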

CVE-2024-11939 – Cost Calculator Builder PRO <= 3.2.15 - Unauthenticated SQL Injection via data
https://notcve.org/view.php?id=CVE-2024-11939
07 Jan 2025 — The Cost Calculator Builder PRO plugin for WordPress is vulnerable to blind time-based SQL Injection via the ‘data’ parameter in all versions up to, and including, 3.2.15 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. • https://docs.stylemixthemes.com/cost-calculator-builder/changelog-1/changelog-pro-version#id-3.2.16 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
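
The query pattern behind the blind time-based injection above, as an added example (illustrative PHP, not Cost Calculator Builder code): a handler that splices a value out of a JSON "data" parameter straight into SQL, beside the same lookups written with $wpdb->prepare(), including the IN-list and LIKE cases where developers commonly fall back to concatenation. The table and column names are assumptions.

```php
<?php
// Added illustration, not the plugin's code. Table and column names are hypothetical.

// --- Vulnerable pattern (CWE-89) ----------------------------------------
// $data['calc_id'] is attacker-controlled. The rows are never echoed back,
// so the injection is exploited blind: calc_id = "1 AND SLEEP(5)" and time
// the response.
function demo_orders_for_calculator_vuln( $json ) {
    global $wpdb;
    $data = json_decode( $json, true );
    return $wpdb->get_results(
        "SELECT id, total FROM {$wpdb->prefix}demo_orders WHERE calc_id = " . $data['calc_id']
    );
}

// --- Hardened version ----------------------------------------------------
function demo_orders_for_calculator( $json ) {
    global $wpdb;
    $data = json_decode( $json, true );
    if ( ! is_array( $data ) || ! isset( $data['calc_id'] ) ) {
        return array();
    }
    // Typed placeholder: %d casts to an integer, so "1 AND SLEEP(5)" becomes 1.
    return $wpdb->get_results( $wpdb->prepare(
        "SELECT id, total FROM {$wpdb->prefix}demo_orders WHERE calc_id = %d",
        $data['calc_id']
    ) );
}

// A variable-length IN (...) list needs one placeholder per value.
function demo_orders_by_ids( array $ids ) {
    global $wpdb;
    $ids = array_map( 'absint', $ids );
    if ( empty( $ids ) ) {
        return array();
    }
    $marks = implode( ',', array_fill( 0, count( $ids ), '%d' ) );
    return $wpdb->get_results( $wpdb->prepare(
        "SELECT id, total FROM {$wpdb->prefix}demo_orders WHERE id IN ($marks)",
        ...$ids
    ) );
}

// LIKE wildcards are escaped separately from the SQL quoting that %s provides.
function demo_orders_by_email_prefix( $prefix ) {
    global $wpdb;
    $like = $wpdb->esc_like( $prefix ) . '%';
    return $wpdb->get_results( $wpdb->prepare(
        "SELECT id, total FROM {$wpdb->prefix}demo_orders WHERE email LIKE %s",
        $like
    ) );
}
```

When reviewing a plugin for this class, grep for $wpdb->query, get_results, get_var and get_row whose SQL argument is a string expression rather than a $wpdb->prepare() call; a JSON or serialized request parameter that is decoded and then used in such a query is exactly the shape this advisory describes.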

CVE-2024-6010 – Cost Calculator Builder PRO <= 3.2.1 - Unauthenticated Price Manipulation
https://notcve.org/view.php?id=CVE-2024-6010
06 Sep 2024 — The Cost Calculator Builder PRO plugin for WordPress is vulnerable to price manipulation in all versions up to, and including, 3.1.96. This is due to the plugin allowing the price field to be manipulated prior to processing via the 'create_cc_order' function, called from the Cost Calculator Builder plugin. This makes it possible for unauthenticated attackers to manipulate the price of orders submitted via the calculator. Note: this vulnerability was partially patched with the release of Cost Calculator Buil... • https://plugins.trac.wordpress.org/browser/cost-calculator-builder/trunk/frontend/dist/order.js • CWE-472: External Control of Assumed-Immutable Web Parameter •
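
The assumed-immutable price field described above, as an added example (illustrative PHP, not Cost Calculator Builder code): an order handler that stores the client's "total", beside one that recomputes the total from a calculator definition held on the server and accepts only bounded quantities from the client. The function names, the demo_order post type and the field schema are assumptions.

```php
<?php
// Added illustration, not the plugin's code. Names and the field schema are hypothetical.

// --- Vulnerable pattern (CWE-472) ---------------------------------------
// The price travels through the browser as a plain form field; anyone can
// post total=0.01 (or a negative number) with an otherwise valid order.
add_action( 'wp_ajax_nopriv_demo_create_order_vuln', function () {
    wp_insert_post( array(
        'post_type'   => 'demo_order',
        'post_status' => 'publish',
        'meta_input'  => array( 'total' => (float) $_POST['total'] ),
    ) );
    wp_send_json_success();
} );

// --- Hardened version ----------------------------------------------------
// Server-side price book: per calculator, which fields exist and what each
// unit costs. A real plugin would load this from post meta or an options row.
function demo_calculator_fields( $calc_id ) {
    $defs = array(
        7 => array(
            'pages' => array( 'unit_price' => 25.00, 'max' => 500 ),
            'rush'  => array( 'unit_price' => 40.00, 'max' => 1 ),
        ),
    );
    return $defs[ $calc_id ] ?? null;
}

function demo_price_order( $calc_id, array $quantities ) {
    $fields = demo_calculator_fields( $calc_id );
    if ( null === $fields ) {
        return null;
    }
    $total = 0.0;
    foreach ( $fields as $name => $rule ) {
        // Only quantities are accepted from the client, and only within bounds;
        // fields the definition does not list are ignored.
        $qty    = min( $rule['max'], absint( $quantities[ $name ] ?? 0 ) );
        $total += $qty * $rule['unit_price'];
    }
    return round( $total, 2 );
}

add_action( 'wp_ajax_nopriv_demo_create_order', 'demo_create_order' );
add_action( 'wp_ajax_demo_create_order', 'demo_create_order' );
function demo_create_order() {
    $calc_id = absint( $_POST['calc_id'] ?? 0 );
    $qty     = (array) ( $_POST['quantities'] ?? array() );
    $total   = demo_price_order( $calc_id, $qty );
    if ( null === $total || $total <= 0 ) {
        wp_send_json_error( 'invalid order', 400 );
    }
    $order_id = wp_insert_post( array(
        'post_type'   => 'demo_order',
        'post_status' => 'pending',
        // Any 'total' the client posted is simply never read.
        'meta_input'  => array( 'calc_id' => $calc_id, 'total' => $total ),
    ) );
    wp_send_json_success( array( 'order_id' => $order_id, 'total' => $total ) );
}
```

The same principle applies when the order is handed to a payment gateway: the amount sent to the gateway must come from the server-side computation, and the gateway's callback must be checked against that stored amount rather than trusted.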

CVE-2024-5545 – Motors – Car Dealer, Classifieds & Listing <= 1.4.9 - Missing Authorization
https://notcve.org/view.php?id=CVE-2024-5545
01 Jul 2024 — The Motors – Car Dealer, Classifieds & Listing plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the stm_edit_delete_user_car function in all versions up to, and including, 1.4.8. This makes it possible for unauthenticated attackers to unpublish arbitrary posts and pages. • https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3106579%40motors-car-dealership-classified-listings%2Ftrunk&old=3101090%40motors-car-dealership-classified-listings%2Ftrunk&sfp_email=&sfph_mail= • CWE-862: Missing Authorization •

CVE-2024-5973 – MasterStudy LMS < 3.3.24 - Privilege Escalation to Instructor
https://notcve.org/view.php?id=CVE-2024-5973
01 Jul 2024 — The MasterStudy LMS WordPress Plugin WordPress plugin before 3.3.24 does not prevent students from creating instructor accounts, which could be used to get access to functionalities they shouldn't have. The MasterStudy LMS WordPress Plugin – for Online Courses and Education plugin for WordPres... • https://wpscan.com/vulnerability/59abfb7c-d5ea-45f2-ab9a-4391978e3805 • CWE-269: Improper Privilege Management •
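
The privilege-management flaw described above, as an added example (illustrative PHP, not MasterStudy LMS code): a self-registration handler that lets the request choose the role, beside one that fixes the role server-side and turns "I want to be an instructor" into a pending request that only a user with promote_users can approve. The role names, meta key and action names are assumptions.

```php
<?php
// Added illustration, not the plugin's code. Role names (demo_student,
// demo_instructor), the meta key and hook names are hypothetical.

// --- Vulnerable pattern (CWE-269) ---------------------------------------
// Posting role=demo_instructor (or role=administrator) during sign-up grants it.
add_action( 'wp_ajax_nopriv_demo_register_vuln', function () {
    $id = wp_insert_user( array(
        'user_login' => $_POST['user_login'],
        'user_email' => $_POST['user_email'],
        'user_pass'  => $_POST['user_pass'],
        'role'       => $_POST['role'],
    ) );
    wp_send_json_success( array( 'id' => $id ) );
} );

// --- Hardened version ----------------------------------------------------
add_action( 'wp_ajax_nopriv_demo_register', function () {
    check_ajax_referer( 'demo_register', 'nonce' );
    if ( ! get_option( 'users_can_register' ) ) {
        wp_send_json_error( 'registration disabled', 403 );
    }
    $id = wp_insert_user( array(
        'user_login' => sanitize_user( wp_unslash( $_POST['user_login'] ?? '' ) ),
        'user_email' => sanitize_email( wp_unslash( $_POST['user_email'] ?? '' ) ),
        'user_pass'  => (string) ( $_POST['user_pass'] ?? '' ),
        'role'       => 'demo_student',          // never taken from the request
    ) );
    if ( is_wp_error( $id ) ) {
        wp_send_json_error( $id->get_error_message(), 400 );
    }
    // Wanting to teach is recorded as a pending request, not as a role.
    if ( ! empty( $_POST['wants_instructor'] ) ) {
        update_user_meta( $id, 'demo_instructor_requested', time() );
    }
    wp_send_json_success( array( 'id' => $id ) );
} );

// Only someone who may promote users turns the request into the role.
add_action( 'wp_ajax_demo_approve_instructor', function () {
    check_ajax_referer( 'demo_approve_instructor', 'nonce' );
    $user_id = absint( $_POST['user_id'] ?? 0 );
    // promote_user is a meta capability mapped to promote_users by core.
    if ( ! current_user_can( 'promote_user', $user_id ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }
    $user = get_userdata( $user_id );
    if ( ! $user || ! get_user_meta( $user_id, 'demo_instructor_requested', true ) ) {
        wp_send_json_error( 'no pending request', 404 );
    }
    $user->set_role( 'demo_instructor' );
    delete_user_meta( $user_id, 'demo_instructor_requested' );
    wp_send_json_success();
} );
```

The same check belongs on any profile-edit endpoint: a role, capability or "is_instructor" flag must never be part of the user-editable field set, whatever the form in the browser shows or hides.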

CVE-2024-6011 – Cost Calculator Builder <= 3.2.12 - Authenticated (Administrator+) Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2024-6011
01 Jul 2024 — The Cost Calculator Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘textarea.description’ parameter in all versions up to, and including, 3.2.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. • https://drive.google.com/file/d/1SFQXlRUQw7THm_Vay_pFH3pIX1cjH4AY/view?usp=sharing • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2024-6012 – Cost Calculator Builder <= 3.2.12 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Content Creation
https://notcve.org/view.php?id=CVE-2024-6012
01 Jul 2024 — The Cost Calculator Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'embed-create-page' and 'embed-insert-pages' functions in all versions up to, and including, 3.2.12. This makes it possible for authenticated attackers, with Subscriber-level access and above, to create arbitrary posts and append arbitrary content to existing posts. • https://plugins.trac.wordpress.org/browser/cost-calculator-builder/trunk/frontend/dist/admin.js • CWE-862: Missing Authorization •
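
The two missing-authorization entries on this page, CVE-2024-5545 (unauthenticated unpublishing of arbitrary posts) and CVE-2024-6012 (Subscriber+ page creation), describe the same root cause: an admin-ajax handler that acts on a post without asking whether the caller is allowed to. This added example (illustrative PHP, not Motors or Cost Calculator Builder code) shows both vulnerable shapes and the hardened versions. Action names, nonce names and the demo_listing post type are assumptions.

```php
<?php
// Added illustration, not either plugin's code. Hook names, nonce names and
// the demo_listing post type are hypothetical.

// --- Vulnerable pattern 1 (CWE-862, unauthenticated) --------------------
// Registered on wp_ajax_nopriv_ and trusting post_id from the request, so
// anyone can set any post or page to draft.
add_action( 'wp_ajax_nopriv_demo_delete_listing_vuln', function () {
    wp_update_post( array( 'ID' => absint( $_POST['post_id'] ), 'post_status' => 'draft' ) );
    wp_send_json_success();
} );

// --- Vulnerable pattern 2 (CWE-862, Subscriber+) ------------------------
// wp_ajax_ only needs a session; a Subscriber has one. No capability check.
add_action( 'wp_ajax_demo_embed_create_page_vuln', function () {
    $id = wp_insert_post( array(
        'post_type'    => 'page',
        'post_status'  => 'publish',
        'post_title'   => wp_unslash( $_POST['title'] ),
        'post_content' => wp_unslash( $_POST['content'] ),
    ) );
    wp_send_json_success( array( 'id' => $id ) );
} );

// --- Hardened 1: only the owner (or a role that edits others' posts) may
// unpublish, and only the plugin's own post type --------------------------
add_action( 'wp_ajax_demo_delete_listing', function () {   // no nopriv variant
    check_ajax_referer( 'demo_delete_listing', 'nonce' );
    $post_id = absint( $_POST['post_id'] ?? 0 );
    $post    = get_post( $post_id );

    if ( ! $post || 'demo_listing' !== $post->post_type ) {
        wp_send_json_error( 'not a listing', 404 );
    }
    // edit_post is a meta capability: true for the author of this specific
    // post, or for roles allowed to edit others' posts. A Subscriber fails it
    // for every post, including their own.
    if ( ! current_user_can( 'edit_post', $post_id ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }
    wp_update_post( array( 'ID' => $post_id, 'post_status' => 'draft' ) );
    wp_send_json_success();
} );

// --- Hardened 2: creating a published page requires publish_pages ---------
add_action( 'wp_ajax_demo_embed_create_page', function () {
    check_ajax_referer( 'demo_embed_page', 'nonce' );
    if ( ! current_user_can( 'publish_pages' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }
    $id = wp_insert_post( array(
        'post_type'    => 'page',
        'post_status'  => 'publish',
        'post_title'   => sanitize_text_field( wp_unslash( $_POST['title'] ?? '' ) ),
        // Core runs its kses filters on content_save_pre for users without
        // unfiltered_html, so script tags do not survive this insert for them.
        'post_content' => wp_unslash( $_POST['content'] ?? '' ),
    ) );
    wp_send_json_success( array( 'id' => $id ) );
} );
```

Two checks are needed and they are not interchangeable: check_ajax_referer() proves the request came from a form the site rendered (CSRF), while current_user_can() proves the user is allowed to do this particular thing. A nonce alone is what the "authenticated (Subscriber+)" wording in advisories like CVE-2024-6012 usually means was present; the capability check was not.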

CVE-2024-4787 – Cost Calculator Builder PRO <= 3.1.75 - Unauthenticated Arbitrary Email Sending
https://notcve.org/view.php?id=CVE-2024-4787
18 Jun 2024 — The Cost Calculator Builder PRO plugin for WordPress is vulnerable to arbitrary email sending in versions up to, and including, 3.1.75. This is due to insufficient limitations on the email recipient and the content in the 'send_pdf' and 'send_pdf_front' functions, which are reachable via AJAX. This makes it possible for unauthenticated attackers to send emails with any content to any recipient. • https://docs.stylemixthemes.com/cost-calculator-builder/changelog-1/changelog-pro-version • CWE-20: Improper Input Validation •
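
The arbitrary email sending described above, as an added example (illustrative PHP, not Cost Calculator Builder code): an AJAX "send my PDF" handler that takes recipient, subject and body from the request, beside one where the recipient is the owner of the quote being sent, the message is a fixed server-side template, and sends are throttled. The action names, the demo_quote post type and the demo_pdf_path meta key are assumptions.

```php
<?php
// Added illustration, not the plugin's code. Hook names, the demo_quote post
// type and the demo_pdf_path meta key are hypothetical.

// --- Vulnerable pattern (CWE-20) ----------------------------------------
// An open relay: anyone on the internet can make the site mail any text to
// any address, with the site's domain as the sender.
add_action( 'wp_ajax_nopriv_demo_send_pdf_vuln', function () {
    wp_mail( $_POST['email'], $_POST['subject'], wp_unslash( $_POST['message'] ) );
    wp_send_json_success();
} );

// --- Hardened version ----------------------------------------------------
function demo_send_quote( $quote_id, $to ) {
    // Fixed template: the request chooses nothing about the message text.
    $site    = wp_specialchars_decode( get_bloginfo( 'name' ) );
    $subject = sprintf( '[%s] Your quote #%d', $site, $quote_id );
    $body    = "Your quote is attached.\n\n" . get_permalink( $quote_id );
    // The attachment path was produced server-side when the quote was generated.
    $pdf     = get_post_meta( $quote_id, 'demo_pdf_path', true );
    return wp_mail( $to, $subject, $body, array(), $pdf ? array( $pdf ) : array() );
}

add_action( 'wp_ajax_demo_send_pdf', function () {   // no nopriv variant
    check_ajax_referer( 'demo_send_pdf', 'nonce' );

    $quote_id = absint( $_POST['quote_id'] ?? 0 );
    $quote    = get_post( $quote_id );
    if ( ! $quote || 'demo_quote' !== $quote->post_type ) {
        wp_send_json_error( 'not found', 404 );
    }
    // The recipient is the account that owns the quote, never a request field.
    if ( (int) $quote->post_author !== get_current_user_id() ) {
        wp_send_json_error( 'forbidden', 403 );
    }
    $to = wp_get_current_user()->user_email;

    // Throttle: at most 5 sends per user per hour, counted in a transient.
    $key   = 'demo_pdf_sends_' . get_current_user_id();
    $count = (int) get_transient( $key );
    if ( $count >= 5 ) {
        wp_send_json_error( 'too many requests', 429 );
    }
    set_transient( $key, $count + 1, HOUR_IN_SECONDS );

    if ( ! demo_send_quote( $quote_id, $to ) ) {
        wp_send_json_error( 'mail failed', 500 );
    }
    wp_send_json_success();
} );
```

If guests must be able to receive their quote, the recipient should be the address captured and validated with is_email() when the quote was created, looked up by quote ID server-side, rather than an address supplied in the send request, and the throttle then keys on the client IP instead of the user ID. Beyond spam, an open mailer like the vulnerable handler lets an attacker send phishing from the site's legitimate sender domain and, if the site uses SPF or DKIM, with passing authentication.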