PT-2021-16313 · WordPress · Stylish Cost Calculator

Apple502J · Published 2021-11-29 · Updated 2022-11-09 · CVE-2021-24822
CVSS v3.1: 5.4 (Medium)
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions: Stylish Cost Calculator WordPress plugin versions prior to 7.0.4
Description: The plugin lacks authorization and CSRF checks on some AJAX actions that are available to authenticated users. Because some of the parameters those actions accept are neither sanitized on input nor escaped on output, any authenticated user can store a Cross-Site Scripting payload that executes in the browsers of logged-in admins and frontend users.
Recommendations: For versions prior to 7.0.4, update to version 7.0.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the AJAX actions until a patch is available. Avoid using the vulnerable parameters in the affected AJAX endpoints until the issue is resolved.
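The following is an added illustrative example and not the plugin's code: it places a WordPress AJAX handler that lacks the three controls named above next to a hardened one. The action name `scc_save_label`, the option `scc_labels`, the parameters `id`/`label` and the script handle are assumptions.

```php
<?php
// Added example, not the plugin's code. Hypothetical action "scc_save_label",
// option "scc_labels" and parameters "id"/"label" stand in for the real ones.
// Weak pattern: no nonce, no capability check, raw input stored as-is.
function scc_save_label_weak() {
    $labels = get_option( 'scc_labels', array() );
    $labels[ $_POST['id'] ] = $_POST['label']; // attacker-controlled, unsanitized
    update_option( 'scc_labels', $labels );
    wp_send_json_success();
}

// Hardened pattern: CSRF check, authorization check, sanitize on input.
function scc_save_label() {
    // 1. CSRF: reject requests lacking a nonce issued to this user for this action.
    check_ajax_referer( 'scc_save_label', 'nonce' );

    // 2. Authorization: being logged in is not enough; require a capability.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }

    // 3. Sanitize: constrain each parameter to the shape the feature expects.
    $id    = isset( $_POST['id'] ) ? sanitize_key( wp_unslash( $_POST['id'] ) ) : '';
    $label = isset( $_POST['label'] ) ? sanitize_text_field( wp_unslash( $_POST['label'] ) ) : '';
    if ( '' === $id || '' === $label ) {
        wp_send_json_error( 'bad request', 400 );
    }

    $labels        = get_option( 'scc_labels', array() );
    $labels[ $id ] = $label;
    update_option( 'scc_labels', $labels );
    wp_send_json_success();
}
// Only the wp_ajax_ hook (no wp_ajax_nopriv_), so anonymous requests never reach it.
add_action( 'wp_ajax_scc_save_label', 'scc_save_label' );

// 4. Escape on output for the rendering context, even for stored, sanitized data.
function scc_render_label( $id ) {
    $labels = get_option( 'scc_labels', array() );
    echo '<span class="scc-label">' . esc_html( $labels[ $id ] ?? '' ) . '</span>';
}
// The nonce is minted server-side and handed to the page script that calls the action.
function scc_enqueue() {
    wp_enqueue_script( 'scc-admin', plugins_url( 'admin.js', __FILE__ ), array(), '1.0', true );
    wp_localize_script( 'scc-admin', 'sccAjax', array(
        'url'   => admin_url( 'admin-ajax.php' ),
        'nonce' => wp_create_nonce( 'scc_save_label' ),
    ) );
}
add_action( 'admin_enqueue_scripts', 'scc_enqueue' );
```

The temporary workaround in the recommendation corresponds to adding the capability check (step 2) in front of the affected actions; the full fix also needs the nonce (step 1), input sanitization (step 3) and context-appropriate output escaping (step 4).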

Tags: XSS, CSRF

Weakness Enumeration

Related Identifiers: CVE-2021-24822
Affected Products: Stylish Cost Calculator