← back
CVE-2024-10892

Cost Calculator Builder < 3.2.43 - Settings update via CSRF

CVSS 5.4 MEDIUMEPSS 0.2%
The Cost Calculator Builder WordPress plugin before 3.2.43 does not have CSRF checks in some AJAX actions, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
Affected products
Unknown · Cost Calculator Builder

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://wpscan.com/vulnerability/ff1f5b84-a8cf-4574-a713-53d35739c6cb/