CVE-2024-6010
Cost Calculator Builder PRO <= 3.2.1 - Unauthenticated Price Manipulation
CVSS Score
5.3
EPSS Score
0.0%
EPSS Percentile
0th
The Cost Calculator Builder PRO plugin for WordPress is vulnerable to price manipulation in all versions up to, and including, 3.2.1. This is due to the plugin allowing the price field to be manipulated prior to processing via the 'create_cc_order' function, called from the Cost Calculator Builder plugin. This makes it possible for unauthenticated attackers to manipulate the price of orders submitted via the calculator. Note: this vulnerability was partially patched with the release of Cost Calculator Builder version 3.2.17.
| CWE | CWE-472 |
| Vendor | stylemixthemes |
| Product | cost calculator builder pro |
| Published | Sep 7, 2024 |
| Last Updated | Apr 8, 2026 |
Stay Ahead of the Next One
Get instant alerts for stylemixthemes cost calculator builder pro
Be the first to know when new medium vulnerabilities affecting stylemixthemes cost calculator builder pro are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Affected Versions
StylemixThemes / Cost Calculator Builder PRO
0 โค 3.2.1
References
wordfence.com: https://www.wordfence.com/threat-intel/vulnerabilities/id/fc04e676-e394-488e-a239-95af5f865613?source=cve plugins.trac.wordpress.org: https://plugins.trac.wordpress.org/browser/cost-calculator-builder/trunk/frontend/dist/order.js docs.stylemixthemes.com: https://docs.stylemixthemes.com/cost-calculator-builder/changelog-1/changelog-pro-version plugins.trac.wordpress.org: https://plugins.trac.wordpress.org/changeset/3172590/
Credits
andrea bocchetti