Pearl Header Builder

CVEs (3)

• CVE-2025-31881MedApr 1, 2025
  risk 0.35cvss 5.4epss 0.00

  Missing Authorization vulnerability in Stylemix Pearl pearl-header-builder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Pearl: from n/a through <= 1.3.9.

• CVE-2025-31880MedApr 1, 2025
  risk 0.28cvss 4.3epss 0.00

  Cross-Site Request Forgery (CSRF) vulnerability in Stylemix Pearl pearl-header-builder allows Cross Site Request Forgery.This issue affects Pearl: from n/a through <= 1.3.9.

• CVE-2024-12206MedJan 9, 2025
  risk 0.28cvss 4.3epss 0.00

  The WordPress Header Builder Plugin – Pearl plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.8. This is due to missing or incorrect nonce validation on the stm_header_builder page. This makes it possible for unauthenticated attackers to delete arbitrary headers via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.