How severe is CVE-2024-6010?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.3 out of 10.

What type of vulnerability is CVE-2024-6010?

This is classified as CWE-472, which is a common weakness in software security.

CVE-2024-6010 - MEDIUM Severity | CVSS 5.3

Vulnerability Description

The Cost Calculator Builder PRO plugin for WordPress is vulnerable to price manipulation in all versions up to, and including, 3.2.1. This is due to the plugin allowing the price field to be manipulated prior to processing via the 'create_cc_order' function, called from the Cost Calculator Builder plugin. This makes it possible for unauthenticated attackers to manipulate the price of orders submitted via the calculator. Note: this vulnerability was partially patched with the release of Cost Calculator Builder version 3.2.17.

Related Vulnerabilities

CVE-2019-13927

MEDIUM

CVSS:5.3(Medium)

A vulnerability has been identified in Desigo PX automation controllers PXC00-E.D, PXC50-E.D, PXC100-E.D, PXC200-E.D with Desigo PX Web modules PXA40-W0, PXA40-W1, PXA40-W2 (All firmware versions < V6...

CWE-4722019

CVE-2020-1765

MEDIUM

CVSS:5.3(Medium)

An improper control of parameters allows the spoofing of the from fields of the following screens: AgentTicketCompose, AgentTicketForward, AgentTicketBounce and AgentTicketEmailOutbound. This issue af...

CWE-4722020

CVE-2021-27769

MEDIUM

CVSS:5.3(Medium)

Information leakage occurs when a website reveals information that could aid an attacker to further exploit the system. This information may or may not be sensitive and does not automatically mean a b...

CWE-4722021

CVE-2022-30597

MEDIUM

CVSS:5.3(Medium)

A flaw was found in moodle where the description user field was not hidden when being set as a hidden user field.

CWE-4722022

CVE-2024-22049

MEDIUM

CVSS:5.3(Medium)

httparty before 0.21.0 is vulnerable to an assumed-immutable web parameter vulnerability. A remote and unauthenticated attacker can provide a crafted filename parameter during multipart/form-data uplo...

CWE-4722024

CVE-2025-35939

MEDIUM

CVSS:5.3(Medium)

Craft CMS stores arbitrary content provided by unauthenticated users in session files. This content could be accessed and executed, possibly using an independent vulnerability. Craft CMS redirects req...

CWE-4722025