CVE-2024-4787 MEDIUM

CVE-2024-4787: Cost Calculator Builder PRO <= 3.1.75 - Unauthenticated Arbitrary Email Sending

Vendor Stylemixthemes

Product Cost Calculator Builder PRO

Weakness CWE-20 · Input validation

Published June 19, 2024

Last update April 8, 2026

View on NVD All CVEs

CVSS base score

5.8/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction None

Confidentiality None

Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N

What the vulnerability does

01Description

The Cost Calculator Builder PRO for WordPress is vulnerable to arbitrary email sending vulnerability in versions up to, and including, 3.1.75. This is due to insufficient limitations on the email recipient and the content in the 'send_pdf' and the 'send_pdf_front' functions which are reachable via AJAX. This makes it possible for unauthenticated attackers to send emails with any content to any recipient.

Key dates

02Disclosure timeline

June 19, 2024 CVE published

April 8, 2026 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2024-4787

Related vulnerabilities

CVE-2024-4787: Cost Calculator Builder PRO <= 3.1.75 - Unauthenticated Arbitrary Email Sending

01Description

02Disclosure timeline

03References

04Related CVE