Cost Calculator Builder Security Vulnerabilities and Issues — Cost Calculator Builder CVE List

Lucene search

StylemixthemesCost Calculator Builder

8 matches found

CVE•added 2024/08/29 3:15 p.m.•51 views

CVE-2024-43144

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in StylemixThemes Cost Calculator Builder allows SQL Injection.This issue affects Cost Calculator Builder: from n/a through 3.2.15.

9.8CVSS9.9AI score0.00571EPSS

CVE•added 2024/07/02 10:15 a.m.•42 views

CVE-2024-6012

The Cost Calculator Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'embed-create-page' and 'embed-insert-pages' functions in all versions up to, and including, 3.2.12. This makes it possible for authenticated attackers, with ...

4.3CVSS4.8AI score0.00034EPSS

CVE•added 2024/05/02 5:15 p.m.•41 views

CVE-2024-4097

The Cost Calculator Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the SVG upload feature in all versions up to, and including, 3.1.67 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary ...

7.2CVSS6AI score0.00909EPSS

CVE•added 2024/09/07 12:15 p.m.•41 views

CVE-2024-6010

The Cost Calculator Builder PRO plugin for WordPress is vulnerable to price manipulation in all versions up to, and including, 3.2.1. This is due to the plugin allowing the price field to be manipulated prior to processing via the 'create_cc_order' function, called from the Cost Calculator Builder ...

5.3CVSS5.6AI score0.00409EPSS

CVE•added 2024/12/18 6:15 a.m.•38 views

CVE-2024-10892

The Cost Calculator Builder WordPress plugin before 3.2.43 does not have CSRF checks in some AJAX actions, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks.

5.4CVSS6.5AI score0.00023EPSS

CVE•added 2024/07/02 10:15 a.m.•36 views

CVE-2024-6011

The Cost Calculator Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘textarea.description’ parameter in all versions up to, and including, 3.2.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Ad...

4.8CVSS4.8AI score0.00049EPSS

CVE•added 2024/09/30 6:15 a.m.•34 views

CVE-2024-8379

The Cost Calculator Builder WordPress plugin before 3.2.29 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as Admin.

7.2CVSS7.5AI score0.00285EPSS

CVE•added 2024/12/13 3:15 p.m.•28 views

CVE-2023-40011

Missing Authorization vulnerability in StylemixThemes Cost Calculator Builder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Cost Calculator Builder: from n/a through 3.1.42.

5.4CVSS5.6AI score0.00067EPSS