3 matches found
CVE-2023-1155 Cost Calculator <= 1.8 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Cost Calculator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ndccmetaboxccpriceicon parameter in versions up to, and including, 1.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-lev...
CVE-2023-1155
CVE-2023-1155 : The Cost Calculator plugin for WordPress (versions up to 1.8) is vulnerable to Stored Cross-Site Scripting via the nd_cc_meta_box_cc_price_icon parameter. Exploitation requires authenticated access at contributor level or higher, and scripts run when a user visits an injected page...
CVE-2023-1155 Cost Calculator <= 1.8 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Cost Calculator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ndccmetaboxccpriceicon parameter in versions up to, and including, 1.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-lev...