Stylemixthemes: >> Cost Calculator Builder >> 3.2.24 Security Vulnerabilities
The Cost Calculator Builder WordPress plugin before 3.2.43 does not have CSRF checks in some AJAX actions, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks.
CVSS Score
5.4
EPSS Score
0.0
Published
2024-12-18
The Cost Calculator Builder WordPress plugin before 3.2.29 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as Admin.
CVSS Score
7.2
EPSS Score
0.003
Published
2024-09-30