Description
Unauthenticated Broken Access Control in Stylish Cost Calculator <= 8.3.9 versions.
Published: 2026-06-26
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The Stylish Cost Calculator plugin through version 8.3.9 suffers from unauthenticated broken access control. The flaw allows an attacker to invoke privileged plugin functionality without authenticating, potentially creating, modifying, or deleting cost calculations and other sensitive data. This weakness corresponds to CWE‑862 and jeopardises the integrity of site content.

Affected Systems

Design:Stylish Cost Calculator plugin, versions up to and including 8.3.9, running on WordPress installations. No additional version details are listed beyond the threshold version.

Risk and Exploitability

The vulnerability carries a CVSS score of 7.5, indicating high severity. EPSS information is unavailable, and the flaw is not currently listed in the CISA KEV catalog. Attackers can exploit the issue directly without authentication, likely through exposed plugin endpoints or administrative interfaces, making the risk significant for sites that have the plugin installed.

Generated by OpenCVE AI on June 26, 2026 at 16:46 UTC.

Remediation

Vendor Solution

Update the WordPress Stylish Cost Calculator Plugin to the latest available version (at least 8.3.10).

OpenCVE Recommended Actions

  • Upgrade the Stylish Cost Calculator plugin to version 8.3.10 or later.
  • If an immediate upgrade is impossible, restrict the plugin’s URLs and functions to authenticated administrators only by modifying web server rules or using role‑based access control plugins.
  • Monitor site activity and logs for suspicious requests to the plugin’s endpoints and remove any unauthorized or altered data.

Generated by OpenCVE AI on June 26, 2026 at 16:46 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 26 Jun 2026 19:30:00 +0000

Type Values Removed Values Added
First Time appeared Design
Design stylish Cost Calculator
Wordpress
Wordpress wordpress
Vendors & Products Design
Design stylish Cost Calculator
Wordpress
Wordpress wordpress

Fri, 26 Jun 2026 16:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Fri, 26 Jun 2026 15:15:00 +0000

Type Values Removed Values Added
Description Unauthenticated Broken Access Control in Stylish Cost Calculator <= 8.3.9 versions.
Title WordPress Stylish Cost Calculator plugin <= 8.3.9 - Broken Access Control vulnerability
Weaknesses CWE-862
References
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}

Subscriptions

Design Stylish Cost Calculator
Wordpress Wordpress
cve-icon MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-06-26T15:50:27.598Z

Reserved: 2026-06-16T09:22:02.525Z

Link: CVE-2026-54847

cve-icon Vulnrichment

Updated: 2026-06-26T15:50:21.350Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-26T19:15:03Z

Weaknesses