CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

RedhatCVE•added 5 days ago•3 views

CVE-2025-14755

The Cost Calculator Builder plugin for WordPress is vulnerable to Unauthenticated Price Manipulation and Insecure Direct Object Reference IDOR in all versions up to, and including, 4.0.1 only when used in combination with Cost Calculator Builder PRO. This is due to the ccbwoocommercepayment AJAX...

5.3CVSS5.5AI score0.00044EPSS

NVD•added 2026/05/13 5:16 a.m.•5 views

CVE-2025-14755

5.3CVSS0.00044EPSS

ATTACKERKB•added 2026/05/13 3:26 a.m.•3 views

CVE-2025-14755

EUVD•added 2026/05/13 3:26 a.m.•4 views

Exploits0References4

EUVD-2025-209816

Cvelist•added 2026/05/13 3:26 a.m.•30 views

CVE-2025-14755 Cost Calculator Builder <= 4.0.1 - Unauthenticated Price Manipulation and Insecure Direct Object Reference

5.3CVSS0.00044EPSS

Vulnrichment•added 2026/05/13 3:26 a.m.•4 views

CVE-2025-14755 Cost Calculator Builder <= 4.0.1 - Unauthenticated Price Manipulation and Insecure Direct Object Reference

CVE•added 2026/05/13 3:26 a.m.•8 views

CVE-2025-14755

The Cost Calculator Builder plugin for WordPress (

Positive Technologies•added 2026/05/13 12:0 a.m.•9 views

PT-2026-40557

CNNVD•added 2026/05/13 12:0 a.m.•5 views

WordPress plugin Cost Calculator Builder 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

Patchstack•added 2026/05/12 3:19 p.m.•5 views

WordPress Cost Calculator Builder plugin <= 4.0.1 - Unauthenticated Price Manipulation and Insecure Direct Object Reference vulnerability

Unauthenticated Price Manipulation and Insecure Direct Object Reference vulnerability discovered by andrea bocchetti in WordPress Plugin Cost Calculator Builder versions = 4.0.1...

Exploits0References1Affected Software1

Patchstack•added 2026/02/26 7:23 a.m.•4 views

WordPress EM Cost Calculator plugin <= 2.3.1 - Unauthenticated Stored Cross-Site Scripting via 'customer_name' vulnerability

Unauthenticated Stored Cross-Site Scripting via 'customername' vulnerability discovered by Nabil Irawan - Heroes Cyber Security in WordPress Plugin Cost Calculator Pro versions = 2.3.1...

6.1CVSS5.3AI score0.00126EPSS

Exploits0References1Affected Software1

ATTACKERKB•added 2026/02/26 1:24 a.m.•4 views

CVE-2026-2506

The EM Cost Calculator plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.3.1. This is due to the plugin storing attacker-controlled 'customername' data and rendering it in the admin customer list without output escaping. This makes it possible f...

6.1CVSS5.6AI score0.00126EPSS

Exploits0References6

Cvelist•added 2026/02/26 1:24 a.m.•19 views

CVE-2026-2506 EM Cost Calculator <= 2.3.1 - Unauthenticated Stored Cross-Site Scripting via 'customer_name'

6.1CVSS0.00126EPSS

Exploits0References5

CNNVD•added 2026/02/26 12:0 a.m.•3 views

WordPress plugin EM Cost Calculator 跨站脚本漏洞

6.1CVSS5.7AI score0.00126EPSS

Exploits0References5

RedhatCVE•added 2026/01/24 3:18 p.m.•3 views

CVE-2026-24630

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Design Stylish Cost Calculator stylish-cost-calculator allows Stored XSS.This issue affects Stylish Cost Calculator: from n/a through = 8.2.9...

6.5CVSS5.8AI score0.00064EPSS

NVD•added 2026/01/23 3:16 p.m.•4 views

CVE-2026-24630

6.5CVSS0.00064EPSS