CVE-2023-0165
- EPSS 0.14%
- Veröffentlicht 06.03.2023 14:15:10
- Zuletzt bearbeitet 06.03.2025 15:15:13
The Cost Calculator WordPress plugin through 1.8 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to per...
CVE-2023-1155
- EPSS 0.2%
- Veröffentlicht 02.03.2023 18:15:09
- Zuletzt bearbeitet 21.11.2024 07:38:34
The Cost Calculator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the nd_cc_meta_box_cc_price_icon parameter in versions up to, and including, 1.8 due to insufficient input sanitization and output escaping. This makes it possi...
CVE-2021-24821
- EPSS 0.18%
- Veröffentlicht 07.03.2022 09:15:08
- Zuletzt bearbeitet 21.11.2024 05:53:49
The Cost Calculator WordPress plugin before 1.6 allows users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks via the Description fields of a Cost Calculator > Price Settings (which gets injected on the edit page as we...