CVE-2023-1155 – Cost Calculator <= 1.8 - Authenticated (Contributor+) Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2023-1155
The Cost Calculator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the nd_cc_meta_box_cc_price_icon parameter in versions up to, and including, 1.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. • https://wordpress.org/plugins/nd-projects/#developers https://www.wordfence.com/threat-intel/vulnerabilities/id/750be90d-dc12-4974-8921-75259d56c7b3 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2023-0165 – Cost Calculator <= 1.8 - Contributor+ Stored XSS
https://notcve.org/view.php?id=CVE-2023-0165
The Cost Calculator WordPress plugin through 1.8 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. The Cost Calculator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's nd_cost_calculator shortcode in versions up to, and including, 1.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. • https://wpscan.com/vulnerability/f00b82f7-d8ad-4f6b-b791-81cc16b6336b • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2021-24820 – Cost Calculator <= 1.6 - Authenticated Local File Inclusion
https://notcve.org/view.php?id=CVE-2021-24820
The Cost Calculator WordPress plugin through 1.6 allows authenticated users (Contributor+ in versions < 1.5, and Admin+ in versions <= 1.6) to perform path traversal and local PHP file inclusion on Windows Web Servers via the Cost Calculator post's Layout El plugin de Cost Calculator de WordPress hasta la versión 1.6 permite a los usuarios autentificados (Contributor+ en las versiones anteriores a la versión 1.5, y Admin+ en las versiones anteriores o iguales a la versión 1.6) realizar el path traversal y la inclusión de archivos PHP locales en los servidores web de Windows a través del Layout del post Cost Calculator. The Cost Calculator WordPress plugin through 1.7 allows authenticated users (Contributor+ in versions < 1.5, and Admin+ in versions <= 1.8) to perform path traversal and local PHP file inclusion on Windows Web Servers via the Cost Calculator post's Layout • https://wpscan.com/vulnerability/47652b24-a6f0-4bbc-834e-496b88523fe7 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •
CVE-2021-24821 – Cost Calculator < 1.6 - Contributor+ Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2021-24821
The Cost Calculator WordPress plugin before 1.6 allows users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks via the Description fields of a Cost Calculator > Price Settings (which gets injected on the edit page as well as any page that embeds the calculator using the shortcode), as well as the Text Preview field of a Project (injected on the edit project page) El plugin Cost Calculator de WordPress versiones anteriores a 1.6, permite a usuarios con un rol tan bajo como el de Contribuyente llevar a cabo ataques de tipo Cross-Site Scripting Almacenado por medio de los campos Description de Cost Calculator ) Price Settings (que es inyectado en la página de edición así como en cualquier página que incorpore la calculadora usando el shortcode), así como el campo Text Preview de un Project (inyectado en la página de edición del proyecto) • https://wpscan.com/vulnerability/f0915b66-0b99-4aeb-9fba-759cafaeb0cb • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •