Stored Cross-Site Scripting in Estatik Mortgage Calculator by Estatik
CVE-2025-26907

7.5 HIGH

Key Information:

Vendor
Estatik
Status
Mortgage Calculator Estatik
CVE Published: 25 February 2025

Summary

The Estatik Mortgage Calculator contains a stored cross-site scripting (XSS) vulnerability caused by improper handling of user input during web page generation. An attacker could inject malicious scripts that are stored and subsequently rendered to other users, posing significant security risks. The vulnerability affects Mortgage Calculator Estatik versions up to and including 2.0.12; the earliest affected version is not specified.

Affected Version(s)

Mortgage Calculator Estatik <= 2.0.12

CVSS V3.1

Score: 7.5
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: High
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

João Pedro S Alcântara (Kinorth) (Patchstack Alliance)