CVE-2025-54047
Description
Missing Authorization vulnerability in QuanticaLabs Cost Calculator ql-cost-calculator allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Cost Calculator: from n/a through <= 7.4.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Missing authorization vulnerability in WordPress Cost Calculator plugin ≤7.4 allows unprivileged attackers to exploit broken access controls.
The Cost Calculator plugin for WordPress (up to version 7.4) contains a missing authorization vulnerability, classified as a broken access control issue [1]. This flaw allows attackers to bypass proper access control checks, potentially executing actions that should be restricted to higher-privileged users.
The vulnerability can be exploited without requiring authentication, as the plugin fails to validate user permissions for certain functions [1]. Attackers can leverage this to perform unauthorized actions, such as modifying plugin settings or accessing sensitive data, and the issue is known to be used in mass-exploit campaigns targeting thousands of websites [1].
Successful exploitation could lead to partial compromise of the site, depending on the functionality exposed. The impact is considered low severity, but the potential for widespread automated attacks makes prompt patching critical [1].
Mitigation is straightforward: update the plugin to version 7.5 or later, which resolves the missing authorization. Patchstack users can enable auto-updates to stay protected [1].
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- Range: <=7.4
- Range: <=7.4
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1News mentions
0No linked articles in our index yet.