Cross-Site Request Forgery Risk in Cost Calculator Builder Plugin for WordPress

Summary

The Cost Calculator Builder plugin for WordPress, prior to version 3.2.43, is vulnerable to Cross-Site Request Forgery (CSRF). This vulnerability arises due to the lack of proper CSRF checks in certain AJAX actions. attackers can exploit this weakness to trick authenticated users into executing potentially harmful actions without their consent. It is crucial for users and administrators of this plugin to update to the latest version to mitigate this risk.

References