PT-2024-37313 · WordPress · Cost Calculator Builder

Andrea Bocchetti · Published 2024-09-07 · Updated 2024-10-23 · CVE-2024-6010

CVSS v3.1: 5.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions: Cost Calculator Builder PRO plugin for WordPress, versions up to and including 3.2.1
Description: The Cost Calculator Builder PRO plugin for WordPress is vulnerable to price manipulation. The price field of an order submission can be altered before it is processed by the create cc order function, which is called from the Cost Calculator Builder plugin; the submitted value is used rather than a server-side computed total. This makes it possible for unauthenticated attackers to manipulate the price of orders submitted via the calculator.
Recommendations: For versions up to and including 3.2.1, update to version 3.2.17 or later to partially patch this vulnerability. As a temporary workaround, consider restricting access to the create cc order function until a more comprehensive patch is available.
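The defensive pattern behind the recommendation above is that an order total must be derived on the server from the stored calculator definition, never taken from the request. The following is an added illustration written for this advisory; it is not code from the Cost Calculator Builder plugin, and the action name, option layout, field names and prices are hypothetical, constructed so the snippet is self-contained.

```php
<?php
// Added illustration (not Cost Calculator Builder code): a WordPress AJAX
// order handler that derives the order total on the server instead of
// trusting a client-supplied "price" field. All names below are assumptions.

// Server-side source of truth for the calculator's pricing. In a real plugin
// this would be the stored calculator definition; here it is a constructed
// sample keyed by calculator id.
function ccb_example_get_calculator_fields( int $calc_id ): array {
    $definitions = [
        7 => [
            'quantity' => [ 'type' => 'number', 'unit_price' => 12.50, 'min' => 1, 'max' => 100 ],
            'express'  => [ 'type' => 'checkbox', 'price' => 20.00 ],
        ],
    ];
    return $definitions[ $calc_id ] ?? [];
}

// Recompute the total from the stored definition and the submitted selections only.
// Returns null when the calculator is unknown or any input is out of range.
function ccb_example_compute_total( int $calc_id, array $selections ): ?float {
    $fields = ccb_example_get_calculator_fields( $calc_id );
    if ( empty( $fields ) ) {
        return null; // unknown calculator: refuse rather than guess
    }
    $total = 0.0;
    foreach ( $fields as $name => $def ) {
        $value = $selections[ $name ] ?? null;
        switch ( $def['type'] ) {
            case 'number':
                $qty = filter_var( $value, FILTER_VALIDATE_INT );
                if ( false === $qty || $qty < $def['min'] || $qty > $def['max'] ) {
                    return null; // non-numeric or out-of-range quantity is rejected
                }
                $total += $qty * $def['unit_price'];
                break;
            case 'checkbox':
                if ( ! empty( $value ) ) {
                    $total += $def['price'];
                }
                break;
        }
    }
    return round( $total, 2 );
}

// Hardened handler: any "price" key the client sends is simply never read.
// The persisted total is whatever ccb_example_compute_total() returns.
function ccb_example_handle_create_order(): void {
    check_ajax_referer( 'ccb_example_order', 'nonce' ); // WordPress core CSRF nonce check

    $calc_id    = isset( $_POST['calc_id'] ) ? (int) $_POST['calc_id'] : 0;
    $selections = isset( $_POST['fields'] ) && is_array( $_POST['fields'] )
        ? array_map( 'sanitize_text_field', wp_unslash( $_POST['fields'] ) )
        : [];

    $total = ccb_example_compute_total( $calc_id, $selections );
    if ( null === $total ) {
        wp_send_json_error( [ 'message' => 'Invalid calculator or input.' ], 400 );
    }

    // Persist using the server-computed total only (hypothetical post type).
    $order_id = wp_insert_post( [
        'post_type'   => 'ccb_example_order',
        'post_status' => 'private',
        'meta_input'  => [ 'total' => $total, 'selections' => $selections ],
    ] );

    wp_send_json_success( [ 'order_id' => $order_id, 'total' => $total ] );
}

// The calculator is public, so the handler is reachable by anonymous callers
// (wp_ajax_nopriv_); that is exactly why the price cannot come from the request.
add_action( 'wp_ajax_ccb_example_create_order', 'ccb_example_handle_create_order' );
add_action( 'wp_ajax_nopriv_ccb_example_create_order', 'ccb_example_handle_create_order' );
```

For detection while a site is still on an affected version, compare the total stored with each calculator order against a recomputation from the calculator's configured prices; a mismatch on an order created through the unauthenticated endpoint is the signal to investigate.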

Fix

Weakness Enumeration

Related Identifiers

CVE-2024-6010

Affected Products

Cost Calculator Builder