Approved changes feed: RSS · Atom

cpe:2.3:a:stylemix:cost_calculator_builder:*:*:*:*:*:*:*:*

part: a version: * update: *

VendorStylemix (c2170171-f70b-5bf4-89aa-da5048b14251)
ProductCost Calculator Builder (b0835b2d-2439-5f6b-b6d1-5cb50e04b136)
Edition*
Language*
Software edition*
Target software*
Target hardware*
Other*
NotesImported from gcve-enriched-dumps CVE data

PURL mappings

PURLSourceLast updated
No PURL mappings for this CPE yet.

Vulnerability references

IdentifiercpeApplicabilitySubmitteddb.gcve.eu detailsRationale
CVE:CVE-2025-9243 vulnerable 2026-06-08 07:45:21.987112 Cost Calculator Builder <= 3.5.32 - Authenticated (Subscriber+) Missing Authorization via get_cc_orders/update_order_status Functions
HIGH (8.1)
The Cost Calculator Builder plugin for WordPress is vulnerable to unauthorizedmodification of data due to a missing capability check on the get_cc_orders and update_order_status functions in all versions up to, and including, 3.5.32. This makes it possible for authenticated attackers, with Subscriber-level access and above, to access order management functions and modify order status.
Published: 2025-10-04T02:24:36.330Z
Updated: 2026-04-08T17:14:22.077Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2025-62049 vulnerable 2026-06-08 07:37:28.582683 WordPress Cost Calculator Builder plugin <= 3.5.32 - Broken Access Control vulnerability
MEDIUM (6.5)
Missing Authorization vulnerability in Stylemix Cost Calculator Builder cost-calculator-builder.This issue affects Cost Calculator Builder: from n/a through <= 3.5.32.
Published: 2025-11-06T15:55:44.281Z
Updated: 2026-04-28T16:14:00.166Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2025-48277 vulnerable 2026-06-08 07:27:15.644094 WordPress Cost Calculator Builder plugin <= 3.2.74 - Cross Site Scripting (XSS) Vulnerability
MEDIUM (5.9)
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Stylemix Cost Calculator Builder cost-calculator-builder allows Stored XSS.This issue affects Cost Calculator Builder: from n/a through <= 3.2.74.
Published: 2025-05-19T14:45:26.444Z
Updated: 2026-04-28T16:12:55.322Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2025-39587 vulnerable 2026-06-08 07:23:06.804374 WordPress Cost Calculator Builder plugin <= 3.2.65 - SQL Injection Vulnerability
CRITICAL (9.3)
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Stylemix Cost Calculator Builder cost-calculator-builder allows SQL Injection.This issue affects Cost Calculator Builder: from n/a through <= 3.2.65.
Published: 2025-04-17T15:46:44.464Z
Updated: 2026-04-28T16:12:35.219Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2025-31414 vulnerable 2026-06-08 07:17:02.975990 WordPress Cost Calculator Builder plugin <= 3.2.65 - Cross Site Scripting (XSS) vulnerability
MEDIUM (6.5)
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Stylemix Cost Calculator Builder cost-calculator-builder allows Stored XSS.This issue affects Cost Calculator Builder: from n/a through <= 3.2.65.
Published: 2025-03-31T06:07:11.895Z
Updated: 2026-04-28T16:12:06.218Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2025-2128 vulnerable 2026-06-08 07:14:58.060772 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2025-14757 vulnerable 2026-06-08 07:06:35.104027 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2025-14755 vulnerable 2026-06-08 07:06:35.100929 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2025-12529 vulnerable 2026-06-08 07:04:30.376970 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-6012 vulnerable 2026-06-08 06:58:17.193969 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-6011 vulnerable 2026-06-08 06:58:17.192506 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2023-40011 vulnerable 2026-06-08 06:09:41.019940 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.