Lucene search
K

4 matches found

Patchstack
Patchstack
added 2026/02/26 7:23 a.m.6 views

WordPress EM Cost Calculator plugin <= 2.3.1 - Unauthenticated Stored Cross-Site Scripting via 'customer_name' vulnerability

Unauthenticated Stored Cross-Site Scripting via 'customername' vulnerability discovered by Nabil Irawan - Heroes Cyber Security in WordPress Plugin Cost Calculator Pro versions = 2.3.1...

6.1CVSS5.3AI score0.00215EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2026/01/16 8:38 a.m.19 views

CVE-2025-14757

CVE-2025-14757 affects Cost Calculator Builder (WordPress) up to version 3.6.9 when used with Cost Calculator Builder PRO. Root cause: the complete_payment AJAX action is registered via wp_ajax_nopriv, allowing unauthenticated access, and the complete() check only validates a nonce, not user capa...

5.3CVSS6AI score0.00327EPSS
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/01/16 12:0 a.m.5 views

PT-2026-3234

Name of the Vulnerable Software and Affected Versions Cost Calculator Builder plugin for WordPress versions prior to 3.7.0 Description The Cost Calculator Builder plugin for WordPress is susceptible to an unauthenticated payment status bypass. This occurs because the complete payment AJAX action ...

5.3CVSS5.3AI score0.00327EPSS
Exploits0References8
RedhatCVE
RedhatCVE
added 2025/05/23 9:22 a.m.3 views

CVE-2024-4787

The Cost Calculator Builder PRO for WordPress is vulnerable to arbitrary email sending vulnerability in versions up to, and including, 3.1.75. This is due to insufficient limitations on the email recipient and the content in the 'sendpdf' and the 'sendpdffront' functions which are reachable via...

5.8CVSS6AI score0.00349EPSS
Exploits0References1
Rows per page
Query Builder