Stylemixthemes

Cost Calculator Builder

9 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.3

CVE-2025-14757

  • EPSS 0.03%
  • Veröffentlicht 16.01.2026 08:38:29
  • Zuletzt bearbeitet 23.01.2026 17:12:40

The Cost Calculator Builder plugin for WordPress is vulnerable to Unauthenticated Payment Status Bypass in all versions up to, and including, 3.6.9 only when used in combination with Cost Calculator Builder PRO. This is due to the complete_payment AJ...

5.4

CVE-2024-10892

Exploit
  • EPSS 0.18%
  • Veröffentlicht 18.12.2024 06:15:21
  • Zuletzt bearbeitet 14.05.2025 20:14:11

The Cost Calculator Builder WordPress plugin before 3.2.43 does not have CSRF checks in some AJAX actions, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks.

5.4

CVE-2023-40011

  • EPSS 0.09%
  • Veröffentlicht 13.12.2024 15:15:21
  • Zuletzt bearbeitet 13.12.2024 15:15:21

Missing Authorization vulnerability in StylemixThemes Cost Calculator Builder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Cost Calculator Builder: from n/a through 3.1.42.

7.2

CVE-2024-8379

Exploit
  • EPSS 0.59%
  • Veröffentlicht 30.09.2024 06:15:14
  • Zuletzt bearbeitet 07.10.2024 15:49:54

The Cost Calculator Builder WordPress plugin before 3.2.29 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as Admin.

5.3

CVE-2024-6010

  • EPSS 0.35%
  • Veröffentlicht 07.09.2024 12:15:12
  • Zuletzt bearbeitet 23.10.2024 16:15:10

The Cost Calculator Builder PRO plugin for WordPress is vulnerable to price manipulation in all versions up to, and including, 3.2.1. This is due to the plugin allowing the price field to be manipulated prior to processing via the 'create_cc_order' f...

9.8

CVE-2024-43144

  • EPSS 0.8%
  • Veröffentlicht 29.08.2024 15:15:28
  • Zuletzt bearbeitet 19.09.2024 21:47:24

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in StylemixThemes Cost Calculator Builder allows SQL Injection.This issue affects Cost Calculator Builder: from n/a through 3.2.15.

4.8

CVE-2024-6011

Exploit
  • EPSS 0.36%
  • Veröffentlicht 02.07.2024 10:15:09
  • Zuletzt bearbeitet 21.11.2024 09:48:44

The Cost Calculator Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘textarea.description’ parameter in all versions up to, and including, 3.2.12 due to insufficient input sanitization and output escaping. This makes...

4.3

CVE-2024-6012

  • EPSS 0.1%
  • Veröffentlicht 02.07.2024 10:15:09
  • Zuletzt bearbeitet 21.11.2024 09:48:44

The Cost Calculator Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'embed-create-page' and 'embed-insert-pages' functions in all versions up to, and including, 3.2.12. This mak...

7.2

CVE-2024-4097

  • EPSS 2.14%
  • Veröffentlicht 02.05.2024 17:15:34
  • Zuletzt bearbeitet 21.11.2024 09:42:11

The Cost Calculator Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the SVG upload feature in all versions up to, and including, 3.1.67 due to insufficient input sanitization and output escaping. This makes it possible f...