
Loopus Wp Cost Estimation Payment Forms Builder vulnerabilities

6 known vulnerabilities affecting loopus/wp_cost_estimation_payment_forms_builder.

Total CVEs: 6
CISA KEV: 0
Public exploits: 0
Exploited in wild: 1
Severity breakdown: CRITICAL 1, HIGH 3, MEDIUM 2

Vulnerabilities

CVE-2019-25296 | P1 | CRITICAL | CVSS 9.8 | Exploited | fixed in 9.644 | 2026-01-08
CVE-2019-25296 [CRITICAL] CWE-434: The WP Cost Estimation plugin for WordPress is vulnerable to arbitrary file uploads and deletion due to missing file type validation in the lfb_upload_form and lfb_removeFile AJAX actions in versions up to, and including, 9.642. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may ma
Source: NVD

CVE-2024-30489 | P3 | HIGH | CVSS 8.5 | ≥ n/a, ≤ 10.1.75 | 2024-03-31
CVE-2024-30489 [HIGH] CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in loopus WP Cost Estimation & Payment Forms Builder. This issue affects WP Cost Estimation & Payment Forms Builder: from n/a through 10.1.75.
Source: NVD

CVE-2026-24363 | P3 | HIGH | CVSS 7.5 | ≤ 10.3.0 | 2026-03-25
CVE-2026-24363 [HIGH] CWE-862: Missing Authorization vulnerability in loopus WP Cost Estimation & Payment Forms Builder WP_Estimation_Form allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Cost Estimation & Payment Forms Builder: from n/a through < 10.3.0.
Source: NVD

CVE-2019-25295 | P3 | MEDIUM | CVSS 6.5 | fixed in 9.660 | 2026-01-08
CVE-2019-25295 [MEDIUM] CWE-22: The WP Cost Estimation plugin for WordPress is vulnerable to Upload Directory Traversal in versions before 9.660 via the uploadFormFiles function. This allows attackers to overwrite any file with a whitelisted type on an affected site.
Source: NVD

CVE-2024-32509 | P4 | MEDIUM | CVSS 6.5 | ≥ n/a, ≤ 10.1.76 | 2024-04-17
CVE-2024-32509 [MEDIUM] CWE-862: Missing Authorization vulnerability in Loopus WP Cost Estimation & Payment Forms Builder. This issue affects WP Cost Estimation & Payment Forms Builder: from n/a through 10.1.76.
Source: NVD

CVE-2024-32510 | P4 | HIGH | CVSS 7.1 | ≥ n/a, ≤ 10.1.75 | 2024-04-17
CVE-2024-32510 [HIGH] CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Loopus WP Cost Estimation & Payment Forms Builder allows Reflected XSS. This issue affects WP Cost Estimation & Payment Forms Builder: from n/a through 10.1.75.
Source: NVD