Vulnerabilities and security researches forstylish-price-list stylish-price-list

Jun 07, 2024

CVE, Research URL: CVE-2021-24757
Home page URL: Security reports for Stylish Price List – Price Table Builder & QR Code Restaurant Menu
Application: Stylish Price List – Price Table Builder & QR Code Restaurant Menu
Date: Nov 01, 2021
Research Description: The Stylish Price List WordPress plugin before 6.9.0 does not perform capability checks in its spl_upload_ser_img AJAX action (available to both unauthenticated and authenticated users), which could allow unauthenticated users to upload images.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2023-51673
Home page URL: Security reports for Stylish Price List – Price Table Builder & QR Code Restaurant Menu
Application: Stylish Price List – Price Table Builder & QR Code Restaurant Menu
Date: Jan 05, 2024
Research Description: Cross-Site Request Forgery (CSRF) vulnerability in Designful Stylish Price List – Price Table Builder & QR Code Restaurant Menu.This issue affects Stylish Price List – Price Table Builder & QR Code Restaurant Menu: from n/a through 7.0.17.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2021-24770
Home page URL: Security reports for Stylish Price List – Price Table Builder & QR Code Restaurant Menu
Application: Stylish Price List – Price Table Builder & QR Code Restaurant Menu
Date: Nov 01, 2021
Research Description: The Stylish Price List WordPress plugin before 6.9.1 does not perform capability checks in its spl_upload_ser_img AJAX action (available to authenticated users), which could allow any authenticated users, such as subscriber, to upload arbitrary images.
Affected versions: Min -, max -.
Status: vulnerable

Mar 27, 2025

CVE, Research URL: CVE-2024-10472
Home page URL: Security reports for Stylish Price List – Price Table Builder & QR Code Restaurant Menu
Application: Stylish Price List – Price Table Builder & QR Code Restaurant Menu
Date: Mar 25, 2025
Research Description: The Stylish Price List WordPress plugin before 7.1.12 does not sanitise and escape some of its settings, which could allow high privilege users such as contributor to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
Affected versions: Min -, max -.
Status: vulnerable

May 19, 2025

CVE, Research URL: CVE-2024-7758
Home page URL: Security reports for Stylish Price List – Price Table Builder & QR Code Restaurant Menu
Application: Stylish Price List – Price Table Builder & QR Code Restaurant Menu
Date: May 16, 2025
Research Description: The Stylish Price List WordPress plugin before 7.1.8 does not sanitise and escape some of its settings, which could allow high privilege users of contributor and above to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
Affected versions: Min -, max -.
Status: vulnerable