3 matches found
WordPress Cost Calculator Builder Pro Plugin <= 3.1.96 is vulnerable to Broken Access Control
Software Cost Calculator Builder Pro Type Plugin Vulnerable versions = 3.1.96 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-6010 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID e259d2d9cc39 Credits andrea bocchetti...
CVE-2024-6010 Cost Calculator Builder PRO <= 3.2.1 - Unauthenticated Price Manipulation
The Cost Calculator Builder PRO plugin for WordPress is vulnerable to price manipulation in all versions up to, and including, 3.2.1. This is due to the plugin allowing the price field to be manipulated prior to processing via the 'createccorder' function, called from the Cost Calculator Builder...
CVE-2024-6010
CVE-2024-6010 affects Cost Calculator Builder PRO for WordPress up to version 3.2.1, where unauthenticated users can manipulate the price of orders via the create_cc_order function. This is caused by insufficient input validation on the price field before processing in the Cost Calculator Builder...