Vulnerabilities and security researches forestatik-mortgage-calculator estatik-mortgage-calculator

Jun 10, 2024

CVE, Research URL: CVE-2023-28490
Home page URL: Security reports for Estatik Mortgage Calculator
Application: Estatik Mortgage Calculator
Date: Sep 27, 2023
Research Description: Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Estatik Estatik Mortgage Calculator plugin <= 2.0.7 versions.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2023-40601
Home page URL: Security reports for Estatik Mortgage Calculator
Application: Estatik Mortgage Calculator
Date: Sep 06, 2023
Research Description: Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Estatik Estatik Mortgage Calculator plugin <= 2.0.7 versions.
Affected versions: Min -, max -.
Status: vulnerable

Jan 08, 2025

CVE, Research URL: CVE-2024-9354
Home page URL: Security reports for Estatik Mortgage Calculator
Application: Estatik Mortgage Calculator
Date: Jan 07, 2025
Research Description: The Estatik Mortgage Calculator plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'color' parameter in all versions up to, and including, 2.0.11 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
Affected versions: Min -, max -.
Status: vulnerable

Feb 27, 2025

CVE, Research URL: CVE-2025-26907
Home page URL: Security reports for Estatik Mortgage Calculator
Application: Estatik Mortgage Calculator
Date: Feb 25, 2025
Research Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Estatik Mortgage Calculator Estatik allows Stored XSS. This issue affects Mortgage Calculator Estatik: from n/a through 2.0.12.
Affected versions: Min -, max -.
Status: vulnerable

May 18, 2025

CVE, Research URL: CVE-2025-48136
Home page URL: Security reports for Estatik Mortgage Calculator
Application: Estatik Mortgage Calculator
Date: May 16, 2025
Research Description: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Estatik Mortgage Calculator Estatik allows PHP Local File Inclusion. This issue affects Mortgage Calculator Estatik: from n/a through 2.0.12.
Affected versions: Min -, max -.
Status: vulnerable