Cyber Resilience

CVE-2024-6010

Medium

Published: 07 September 2024

Modified: 23 October 2024
KEV Added
Patch
CVSS Score v3.1: 5.3 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
EPSS Score: 0.0035 (58.0th percentile)
Risk Priority: 11 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2024-6010 is a medium-severity External Control of Assumed-Immutable Web Parameter (CWE-472) vulnerability in Stylemixthemes Cost Calculator Builder. Its CVSS base score is 5.3 (Medium).

Operationally, it is ranked in the top 42.0% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

Vulnerability details

The Cost Calculator Builder PRO plugin for WordPress is vulnerable to price manipulation in all versions up to, and including, 3.2.1. This is due to the plugin allowing the price field to be manipulated prior to processing via the 'create_cc_order' function, called from the Cost Calculator Builder plugin. This makes it possible for unauthenticated attackers to manipulate the price of orders submitted via the calculator. Note: this vulnerability was partially patched with the release of Cost Calculator Builder version 3.2.17.

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Vendor: stylemixthemes
Product: cost calculator builder
Affected versions: ≤ 3.1.96

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.
