EUVD-2023-23438

Malicious code in bioql PyPI...

CVE-2025-54046 WordPress Cost Calculator Plugin <= 7.4 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in QuanticaLabs Cost Calculator ql-cost-calculator allows Stored XSS.This issue affects Cost Calculator: from n/a through = 7.4...

CVE-2023-0165

The Cost Calculator WordPress plugin through 1.8 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

CVE-2021-24821

The Cost Calculator WordPress plugin before 1.6 allows users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks via the Description fields of a Cost Calculator Price Settings which gets injected on the edit page as well as any page that embeds the calculator using th...

WordPress plugin Cost Calculator for Elementor 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting vulnerabilit...

CVE-2023-0165 Cost Calculator <= 1.8 - Contributor+ Stored XSS

The Cost Calculator WordPress plugin through 1.8 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

PT-2023-16051 · WordPress · Cost Calculator

Name of the Vulnerable Software and Affected Versions: The Cost Calculator WordPress plugin versions 1.8 and earlier Description: The issue is related to the lack of validation and escaping of some shortcode attributes in the Cost Calculator WordPress plugin, which could allow users with the...

CVE-2023-1155

The Cost Calculator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ndccmetaboxccpriceicon parameter in versions up to, and including, 1.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-lev...

Cross site scripting

The Cost Calculator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ndccmetaboxccpriceicon parameter in versions up to, and including, 1.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-lev...

CVE-2023-1155 Cost Calculator <= 1.8 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Cost Calculator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ndccmetaboxccpriceicon parameter in versions up to, and including, 1.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-lev...

CVE-2023-1155 Cost Calculator <= 1.8 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Cost Calculator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ndccmetaboxccpriceicon parameter in versions up to, and including, 1.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-lev...

CVE-2021-24821

The Cost Calculator WordPress plugin before 1.6 allows users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks via the Description fields of a Cost Calculator Price Settings which gets injected on the edit page as well as any page that embeds the calculator using th...

CVE-2021-24820

The Cost Calculator WordPress plugin through 1.6 allows authenticated users Contributor+ in versions 1.5, and Admin+ in versions = 1.6 to perform path traversal and local PHP file inclusion on Windows Web Servers via the Cost Calculator post's Layout...

WordPress Cost Calculator plugin <= 1.5 - Stored Cross-Site Scripting (XSS) vulnerability

Stored Cross-Site Scripting XSS vulnerability discovered by apple502j in WordPress Cost Calculator plugin versions = 1.5. Solution Update the WordPress Cost Calculator plugin to the latest available version at least 1.6...