CVE-2024-4787

Name of the Vulnerable Software and Affected Versions The Cost Calculator Builder PRO for WordPress versions up to, and including, 3.1.75

Description The issue arises from insufficient limitations on the email recipient and the content in the send pdf and the send pdf front functions, which are reachable via AJAX. This allows unauthenticated attackers to send emails with any content to any recipient.

Recommendations For versions up to, and including, 3.1.75, consider disabling the send pdf and send pdf front functions until a patch is available to prevent exploitation. Restrict access to AJAX endpoints that reach these functions to minimize the risk of arbitrary email sending.