4 matches found
WordPress EM Cost Calculator plugin <= 2.3.1 - Unauthenticated Stored Cross-Site Scripting via 'customer_name' vulnerability
Unauthenticated Stored Cross-Site Scripting via 'customer_name' vulnerability discovered by Nabil Irawan - Heroes Cyber Security in WordPress Plugin Cost Calculator Pro versions <= 2.3.1...
CVE-2025-14757
CVE-2025-14757 affects Cost Calculator Builder (WordPress) up to version 3.6.9 when used with Cost Calculator Builder PRO. Root cause: the complete_payment AJAX action is registered via wp_ajax_nopriv, allowing unauthenticated access, and the complete() check only validates a nonce, not user capa...
PT-2026-3234
Name of the Vulnerable Software and Affected Versions: Cost Calculator Builder plugin for WordPress versions prior to 3.7.0. Description: The Cost Calculator Builder plugin for WordPress is susceptible to an unauthenticated payment status bypass. This occurs because the complete payment AJAX action ...
CVE-2024-4787
The Cost Calculator Builder PRO for WordPress is vulnerable to arbitrary email sending in versions up to, and including, 3.1.75. This is due to insufficient limitations on the email recipient and the content in the 'sendpdf' and the 'sendpdffront' functions which are reachable via...