Cross-Site Scripting in Stylish Cost Calculator by Design
CVE-2025-66091
6.5MEDIUM
What is CVE-2025-66091?
The Stylish Cost Calculator plugin, developed by Design, is susceptible to a Cross-Site Scripting (XSS) vulnerability due to improper input neutralization during web page generation. This security flaw can potentially allow attackers to inject malicious JavaScript into web pages viewed by users, risking data theft and impersonation. Affected versions include all before and including 8.1.5. Users are advised to apply available patches and adhere to secure coding practices to mitigate these risks.
Affected Version(s)
Stylish Cost Calculator <= n/a
References
CVSS V3.1
Score:
6.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Muhammad Yudha - DJ | Patchstack Bug Bounty Program