158 matches found
Cost Calculator Builder <= 3.2.15 - SQL Injection
The Cost Calculator Builder plugin for WordPress is vulnerable to SQL Injection via discount codes in versions up to, and including, 3.2.15 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...
CVE-2025-14755
The Cost Calculator Builder plugin for WordPress is vulnerable to Unauthenticated Price Manipulation and Insecure Direct Object Reference IDOR in all versions up to, and including, 4.0.1 only when used in combination with Cost Calculator Builder PRO. This is due to the ccbwoocommercepayment AJAX...
CVE-2025-14755
The Cost Calculator Builder plugin for WordPress is vulnerable to Unauthenticated Price Manipulation and Insecure Direct Object Reference IDOR in all versions up to, and including, 4.0.1 only when used in combination with Cost Calculator Builder PRO. This is due to the ccbwoocommercepayment AJAX...
CVE-2025-14755
The Cost Calculator Builder plugin for WordPress is vulnerable to Unauthenticated Price Manipulation and Insecure Direct Object Reference IDOR in all versions up to, and including, 4.0.1 only when used in combination with Cost Calculator Builder PRO. This is due to the ccbwoocommercepayment AJAX...
CVE-2025-14755 Cost Calculator Builder <= 4.0.1 - Unauthenticated Price Manipulation and Insecure Direct Object Reference
The Cost Calculator Builder plugin for WordPress is vulnerable to Unauthenticated Price Manipulation and Insecure Direct Object Reference IDOR in all versions up to, and including, 4.0.1 only when used in combination with Cost Calculator Builder PRO. This is due to the ccbwoocommercepayment AJAX...
EUVD-2025-209816
The Cost Calculator Builder plugin for WordPress is vulnerable to Unauthenticated Price Manipulation and Insecure Direct Object Reference IDOR in all versions up to, and including, 4.0.1 only when used in combination with Cost Calculator Builder PRO. This is due to the ccbwoocommercepayment AJAX...
CVE-2025-14755 Cost Calculator Builder <= 4.0.1 - Unauthenticated Price Manipulation and Insecure Direct Object Reference
The Cost Calculator Builder plugin for WordPress is vulnerable to Unauthenticated Price Manipulation and Insecure Direct Object Reference IDOR in all versions up to, and including, 4.0.1 only when used in combination with Cost Calculator Builder PRO. This is due to the ccbwoocommercepayment AJAX...
CVE-2025-14755
The Cost Calculator Builder plugin for WordPress (
PT-2026-40557
The Cost Calculator Builder plugin for WordPress is vulnerable to Unauthenticated Price Manipulation and Insecure Direct Object Reference IDOR in all versions up to, and including, 4.0.1 only when used in combination with Cost Calculator Builder PRO. This is due to the ccb woocommerce payment AJA...
WordPress plugin Cost Calculator Builder 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...
WordPress Cost Calculator Builder plugin <= 4.0.1 - Unauthenticated Price Manipulation and Insecure Direct Object Reference vulnerability
Unauthenticated Price Manipulation and Insecure Direct Object Reference vulnerability discovered by andrea bocchetti in WordPress Plugin Cost Calculator Builder versions = 4.0.1...
CVE-2025-14757
The Cost Calculator Builder plugin for WordPress is vulnerable to Unauthenticated Payment Status Bypass in all versions up to, and including, 3.6.9 only when used in combination with Cost Calculator Builder PRO. This is due to the completepayment AJAX action being registered via wpajaxnopriv,...
CVE-2025-14757
The Cost Calculator Builder plugin for WordPress is vulnerable to Unauthenticated Payment Status Bypass in all versions up to, and including, 3.6.9 only when used in combination with Cost Calculator Builder PRO. This is due to the completepayment AJAX action being registered via wpajaxnopriv,...
CVE-2025-14757
The Cost Calculator Builder plugin for WordPress is vulnerable to Unauthenticated Payment Status Bypass in all versions up to, and including, 3.6.9 only when used in combination with Cost Calculator Builder PRO. This is due to the completepayment AJAX action being registered via wpajaxnopriv,...
CVE-2025-14757
The Cost Calculator Builder plugin for WordPress is vulnerable to Unauthenticated Payment Status Bypass in all versions up to, and including, 3.6.9 only when used in combination with Cost Calculator Builder PRO. This is due to the completepayment AJAX action being registered via wpajaxnopriv,...
CVE-2025-14757
CVE-2025-14757 affects Cost Calculator Builder (WordPress) up to version 3.6.9 when used with Cost Calculator Builder PRO. Root cause: the complete_payment AJAX action is registered via wp_ajax_nopriv, allowing unauthenticated access, and the complete() check only validates a nonce, not user capa...
CVE-2025-14757 Cost Calculator Builder <= 3.6.9 - Missing Authorization to Unauthenticated Payment Status Bypass
The Cost Calculator Builder plugin for WordPress is vulnerable to Unauthenticated Payment Status Bypass in all versions up to, and including, 3.6.9 only when used in combination with Cost Calculator Builder PRO. This is due to the completepayment AJAX action being registered via wpajaxnopriv,...
CVE-2025-14757 Cost Calculator Builder <= 3.6.9 - Missing Authorization to Unauthenticated Payment Status Bypass
The Cost Calculator Builder plugin for WordPress is vulnerable to Unauthenticated Payment Status Bypass in all versions up to, and including, 3.6.9 only when used in combination with Cost Calculator Builder PRO. This is due to the completepayment AJAX action being registered via wpajaxnopriv,...
WordPress Plugin Cost Calculator Builder has a security vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be added t...
PT-2026-3234
Name of the Vulnerable Software and Affected Versions Cost Calculator Builder plugin for WordPress versions prior to 3.7.0 Description The Cost Calculator Builder plugin for WordPress is susceptible to an unauthenticated payment status bypass. This occurs because the complete payment AJAX action ...