cleantalk
Vulnerabilities and Security Researches

Stylish Cost Calculator – Quote Generator, Lead Gen & Price Estimator, CVE-2021-24822

CVE, Research URL

CVE-2021-24822

Home page URL

Security reports for Stylish Cost Calculator – Quote Generator, Lead Gen & Price Estimator

Application

Stylish Cost Calculator – Quote Generator, Lead Gen & Price Estimator

Published on
Nov 29, 2021
Research Description
The Stylish Cost Calculator WordPress plugin before 7.0.4 does not have any authorisation and CSRF checks on some of its AJAX actions (available to authenticated users), which could allow any authenticated users, such as subscriber to call them, and perform Stored Cross-Site Scripting attacks against logged in admin, as well as frontend users due to the lack of sanitisation and escaping in some parameters
Affected versions
max 7.0.4.
Status
vulnerable
Previous vulnerability researches
Project Cost Calculator (CVE-2025-52775) , Aug 14, 2025
EM Cost Calculator (CVE-2026-2506) , Apr 16, 2026
Stylish Cost Calculator – Quote Generator, Lead Gen & Price Estimator (CVE-2026-24630) , Jan 27, 2026
Stylish Cost Calculator – Quote Generator, Lead Gen & Price Estimator (CVE-2021-24822) , Jun 07, 2024
Stylish Cost Calculator – Quote Generator, Lead Gen & Price Estimator (CVE-2025-66091) , Dec 11, 2025
New vulnerability
Viet contact (CVE-2026-1045) , Apr 16, 2026
Element Pack Elementor Addons (Header Footer, Free Template Library, Grid, Carousel, Table, Parallax Animation, Register Form, , Apr 16, 2026
Google Calendar List View (CVE-2026-2396) , Apr 16, 2026
CM Email Registration Blacklist and Whitelist (CVE-2026-0691) , Apr 16, 2026
AMP Enhancer – Compatibility Layer for Official AMP Plugin (CVE-2026-2027) , Apr 16, 2026