VYPR

Cost Calculator

by WordPress

CVEs (4)

  • CVE-2026-2506MedFeb 26, 2026
    risk 0.40cvss 6.1epss 0.00

    The EM Cost Calculator plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.3.1. This is due to the plugin storing attacker-controlled 'customer_name' data and rendering it in the admin customer list without output escaping. This…

  • CVE-2023-0165Mar 6, 2023
    risk 0.00cvss epss 0.00

    The Cost Calculator WordPress plugin through 1.8 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site…

  • CVE-2021-24821Mar 7, 2022
    risk 0.00cvss epss 0.01

    The Cost Calculator WordPress plugin before 1.6 allows users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks via the Description fields of a Cost Calculator > Price Settings (which gets injected on the edit page as well as any page that embeds…

  • CVE-2021-24820Feb 28, 2022
    risk 0.00cvss epss 0.03

    The Cost Calculator WordPress plugin through 1.6 allows authenticated users (Contributor+ in versions < 1.5, and Admin+ in versions <= 1.6) to perform path traversal and local PHP file inclusion on Windows Web Servers via the Cost Calculator post's Layout