Search criteria
4 vulnerabilities found for Cost Calculator Builder by Unknown
CVE-2024-10892 (GCVE-0-2024-10892)
Vulnerability from cvelistv5 – Published: 2024-12-18 06:00 – Updated: 2024-12-18 15:10
VLAI?
Title
Cost Calculator Builder < 3.2.43 - Settings update via CSRF
Summary
The Cost Calculator Builder WordPress plugin before 3.2.43 does not have CSRF checks in some AJAX actions, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks.
Severity ?
5.4 (Medium)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Unknown | Cost Calculator Builder |
Affected:
0 , < 3.2.43
(semver)
|
Credits
Miguel Xavier Penha Neto
WPScan
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-10892",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-18T15:09:50.282831Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-18T15:10:31.241Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Cost Calculator Builder",
"vendor": "Unknown",
"versions": [
{
"lessThan": "3.2.43",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Miguel Xavier Penha Neto"
},
{
"lang": "en",
"type": "coordinator",
"value": "WPScan"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Cost Calculator Builder WordPress plugin before 3.2.43 does not have CSRF checks in some AJAX actions, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-18T06:00:16.137Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"exploit",
"vdb-entry",
"technical-description"
],
"url": "https://wpscan.com/vulnerability/ff1f5b84-a8cf-4574-a713-53d35739c6cb/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Cost Calculator Builder \u003c 3.2.43 - Settings update via CSRF",
"x_generator": {
"engine": "WPScan CVE Generator"
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2024-10892",
"datePublished": "2024-12-18T06:00:16.137Z",
"dateReserved": "2024-11-05T18:26:45.843Z",
"dateUpdated": "2024-12-18T15:10:31.241Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-8379 (GCVE-0-2024-8379)
Vulnerability from cvelistv5 – Published: 2024-09-30 06:00 – Updated: 2024-10-01 14:13
VLAI?
Title
Cost Calculator Builder < 3.2.29 - Admin+ SQL Injection
Summary
The Cost Calculator Builder WordPress plugin before 3.2.29 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as Admin.
Severity ?
7.2 (High)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Unknown | Cost Calculator Builder |
Affected:
0 , < 3.2.29
(semver)
|
Credits
WPScan
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:stylemixthemes:cost_calculator_builder:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "cost_calculator_builder",
"vendor": "stylemixthemes",
"versions": [
{
"lessThan": "3.2.29",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-8379",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-01T14:10:57.944893Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-01T14:13:20.982Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Cost Calculator Builder",
"vendor": "Unknown",
"versions": [
{
"lessThan": "3.2.29",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "coordinator",
"value": "WPScan"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Cost Calculator Builder WordPress plugin before 3.2.29 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as Admin."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-89 SQL Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-30T06:00:07.069Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"exploit",
"vdb-entry",
"technical-description"
],
"url": "https://wpscan.com/vulnerability/a3463d5a-8215-4958-a6c0-039681c35a50/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Cost Calculator Builder \u003c 3.2.29 - Admin+ SQL Injection",
"x_generator": {
"engine": "WPScan CVE Generator"
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2024-8379",
"datePublished": "2024-09-30T06:00:07.069Z",
"dateReserved": "2024-09-02T17:56:46.720Z",
"dateUpdated": "2024-10-01T14:13:20.982Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-10892 (GCVE-0-2024-10892)
Vulnerability from nvd – Published: 2024-12-18 06:00 – Updated: 2024-12-18 15:10
VLAI?
Title
Cost Calculator Builder < 3.2.43 - Settings update via CSRF
Summary
The Cost Calculator Builder WordPress plugin before 3.2.43 does not have CSRF checks in some AJAX actions, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks.
Severity ?
5.4 (Medium)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Unknown | Cost Calculator Builder |
Affected:
0 , < 3.2.43
(semver)
|
Credits
Miguel Xavier Penha Neto
WPScan
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-10892",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-18T15:09:50.282831Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-18T15:10:31.241Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Cost Calculator Builder",
"vendor": "Unknown",
"versions": [
{
"lessThan": "3.2.43",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Miguel Xavier Penha Neto"
},
{
"lang": "en",
"type": "coordinator",
"value": "WPScan"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Cost Calculator Builder WordPress plugin before 3.2.43 does not have CSRF checks in some AJAX actions, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-18T06:00:16.137Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"exploit",
"vdb-entry",
"technical-description"
],
"url": "https://wpscan.com/vulnerability/ff1f5b84-a8cf-4574-a713-53d35739c6cb/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Cost Calculator Builder \u003c 3.2.43 - Settings update via CSRF",
"x_generator": {
"engine": "WPScan CVE Generator"
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2024-10892",
"datePublished": "2024-12-18T06:00:16.137Z",
"dateReserved": "2024-11-05T18:26:45.843Z",
"dateUpdated": "2024-12-18T15:10:31.241Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-8379 (GCVE-0-2024-8379)
Vulnerability from nvd – Published: 2024-09-30 06:00 – Updated: 2024-10-01 14:13
VLAI?
Title
Cost Calculator Builder < 3.2.29 - Admin+ SQL Injection
Summary
The Cost Calculator Builder WordPress plugin before 3.2.29 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as Admin.
Severity ?
7.2 (High)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Unknown | Cost Calculator Builder |
Affected:
0 , < 3.2.29
(semver)
|
Credits
WPScan
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:stylemixthemes:cost_calculator_builder:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "cost_calculator_builder",
"vendor": "stylemixthemes",
"versions": [
{
"lessThan": "3.2.29",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-8379",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-01T14:10:57.944893Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-01T14:13:20.982Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Cost Calculator Builder",
"vendor": "Unknown",
"versions": [
{
"lessThan": "3.2.29",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "coordinator",
"value": "WPScan"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Cost Calculator Builder WordPress plugin before 3.2.29 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as Admin."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-89 SQL Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-30T06:00:07.069Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"exploit",
"vdb-entry",
"technical-description"
],
"url": "https://wpscan.com/vulnerability/a3463d5a-8215-4958-a6c0-039681c35a50/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Cost Calculator Builder \u003c 3.2.29 - Admin+ SQL Injection",
"x_generator": {
"engine": "WPScan CVE Generator"
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2024-8379",
"datePublished": "2024-09-30T06:00:07.069Z",
"dateReserved": "2024-09-02T17:56:46.720Z",
"dateUpdated": "2024-10-01T14:13:20.982Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}