Cost Calculator Builder
Approved changes feed: RSS · Atom
cpe:2.3:a:stylemixthemes:cost_calculator_builder:*:*:*:*:*:wordpress:*:*
part: a version: * update: *
| Vendor | Stylemixthemes (a955917c-2229-564b-bd01-1fb4beeda74f) |
|---|---|
| Product | Cost Calculator Builder (bf72f313-c226-51a5-a583-0df49e43889b) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | wordpress |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2024-8379 |
vulnerable | 2026-06-03 14:58:18.306573 |
Cost Calculator Builder < 3.2.29 - Admin+ SQL Injection
The Cost Calculator Builder WordPress plugin before 3.2.29 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as Admin.
Published: 2024-09-30T06:00:07.069Z
Updated: 2024-10-01T14:13:20.982Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-6012 |
vulnerable | 2026-06-03 14:57:55.034565 |
Cost Calculator Builder <= 3.2.12 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Content Creation
MEDIUM (4.3)
The Cost Calculator Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'embed-create-page' and 'embed-insert-pages' functions in all versions up to, and including, 3.2.12. This makes it possible for authenticated attackers, with Subscriber-level access and above, to create arbitrary posts and append arbitrary content to existing posts.
Published: 2024-07-02T09:32:10.221Z
Updated: 2026-04-08T17:34:58.487Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-6011 |
vulnerable | 2026-06-03 14:57:55.033989 |
Cost Calculator Builder <= 3.2.12 - Authenticated (Administrator+) Stored Cross-Site Scripting
MEDIUM (4.4)
The Cost Calculator Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘textarea.description’ parameter in all versions up to, and including, 3.2.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Published: 2024-07-02T09:32:09.622Z
Updated: 2026-04-08T16:32:58.500Z Reference links
|
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-43144 |
vulnerable | 2026-06-03 14:56:44.583408 |
WordPress Cost Calculator Builder plugin <= 3.2.15 - SQL Injection vulnerability
CRITICAL (9.3)
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in StylemixThemes Cost Calculator Builder allows SQL Injection.This issue affects Cost Calculator Builder: from n/a through 3.2.15.
Published: 2024-08-29T14:45:16.268Z
Updated: 2026-04-28T16:10:09.154Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-10892 |
vulnerable | 2026-06-03 14:54:12.835179 |
Cost Calculator Builder < 3.2.43 - Settings update via CSRF
The Cost Calculator Builder WordPress plugin before 3.2.43 does not have CSRF checks in some AJAX actions, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks.
Published: 2024-12-18T06:00:16.137Z
Updated: 2024-12-18T15:10:31.241Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.