CVE-2024-6012

Name of the Vulnerable Software and Affected Versions: Cost Calculator Builder plugin for WordPress versions prior to 3.2.13

Description: The issue allows authenticated attackers with Subscriber-level access and above to create arbitrary posts and append arbitrary content to existing posts due to a missing capability check on the embed-create-page and embed-insert-pages functions.

Recommendations: For versions prior to 3.2.13, update to version 3.2.13 or later to resolve the issue. As a temporary workaround, consider restricting access to the embed-create-page and embed-insert-pages functions to prevent unauthorized modification of data.