cleantalk
Vulnerabilities and Security Researches

Vulnerabilities and security researches forstylish-cost-calculator stylish-cost-calculator

Direction: descending
Jan 27, 2026

Stylish Cost Calculator – Quote Generator, Lead Gen & Price Estimator # CVE-2026-24630

CVE, Research URL

CVE-2026-24630

Home page URL

Security reports for Stylish Cost Calculator – Quote Generator, Lead Gen & Price Estimator

Application

Stylish Cost Calculator – Quote Generator, Lead Gen & Price Estimator

Date
Jan 23, 2026
Research Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Design Stylish Cost Calculator stylish-cost-calculator allows Stored XSS.This issue affects Stylish Cost Calculator: from n/a through <= 8.1.8.
Affected versions
max 8.1.8.
Status
vulnerable
Dec 11, 2025

Stylish Cost Calculator &#8211; Quote Generator, Lead Gen &amp; Price Estimator # CVE-2025-66091

CVE, Research URL

CVE-2025-66091

Home page URL

Security reports for Stylish Cost Calculator &#8211; Quote Generator, Lead Gen &amp; Price Estimator

Application

Stylish Cost Calculator &#8211; Quote Generator, Lead Gen &amp; Price Estimator

Date
Nov 21, 2025
Research Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Design Stylish Cost Calculator stylish-cost-calculator allows DOM-Based XSS.This issue affects Stylish Cost Calculator: from n/a through <= 8.1.5.
Affected versions
max 8.1.5.
Status
vulnerable
Jun 07, 2024

Stylish Cost Calculator &#8211; Quote Generator, Lead Gen &amp; Price Estimator # CVE-2021-24822

CVE, Research URL

CVE-2021-24822

Home page URL

Security reports for Stylish Cost Calculator &#8211; Quote Generator, Lead Gen &amp; Price Estimator

Application

Stylish Cost Calculator &#8211; Quote Generator, Lead Gen &amp; Price Estimator

Date
Nov 29, 2021
Research Description
The Stylish Cost Calculator WordPress plugin before 7.0.4 does not have any authorisation and CSRF checks on some of its AJAX actions (available to authenticated users), which could allow any authenticated users, such as subscriber to call them, and perform Stored Cross-Site Scripting attacks against logged in admin, as well as frontend users due to the lack of sanitisation and escaping in some parameters
Affected versions
max 7.0.4.
Status
vulnerable