Skip to main content

Cost Calculator Builder EUVDEUVD-2026-43152

| CVE-2026-10865 MEDIUM
Information Exposure (CWE-200)
2026-07-11 Wordfence GHSA-7cvm-m8m6-prmw
5.3
CVSS 3.1 · Vendor: Wordfence
Share

Severity by source

Vendor (Wordfence) PRIMARY
5.3 MEDIUM
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
vuln.today AI
10.0 CRITICAL

Scope changes because secret keys control external payment gateway accounts; full API key disclosure yields high confidentiality and integrity impact against those accounts.

3.1 AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N
4.0 AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:H/SI:H/SA:N

Primary rating from Vendor (Wordfence).

CVSS VectorVendor: Wordfence

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
None
Availability
None

Lifecycle Timeline

2
Analysis Generated
Jul 11, 2026 - 07:07 vuln.today
CVE Published
Jul 11, 2026 - 05:35 cve.org
MEDIUM 5.3

DescriptionCVE.org

The Cost Calculator Builder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.0.11 via the (template body). This makes it possible for unauthenticated attackers to extract the plaintext Stripe secret key, Razorpay secret key, and PayPal client_secret embedded in the page source of any page containing a calculator, enabling full control of the merchant's payment gateway accounts. This exposure only occurs when the 'use in all calculators' option is enabled for one or more payment gateways in the plugin's global settings.

AnalysisAI

Plaintext payment gateway secret key exposure in the Cost Calculator Builder WordPress plugin (all versions ≤ 4.0.11) allows any unauthenticated remote visitor to harvest Stripe, Razorpay, and PayPal merchant credentials directly from page HTML source. The plugin embeds live API secret keys in the frontend template body when the 'use in all calculators' global payment gateway option is active, making those keys readable without any authentication or special tooling. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Identify WordPress site running Cost Calculator Builder
Delivery
Send unauthenticated GET request to any calculator page
Exploit
Extract plaintext secret key from HTML source
Execution
Authenticate to Stripe/Razorpay/PayPal API using harvested key
Impact
Execute unauthorized charges or refunds against merchant account

Vulnerability AssessmentAI

Exploitation Exploitation requires exactly one non-default configuration: the 'use in all calculators' option must be explicitly enabled in the Cost Calculator Builder plugin's global settings for at least one payment gateway (Stripe, Razorpay, or PayPal). … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The official CVSS 3.1 score of 5.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) materially understates real-world risk. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker browses to any publicly accessible WordPress page that contains a cost calculator widget on an affected merchant site where the 'use in all calculators' payment gateway option is active. Using browser developer tools or a simple 'view source', the attacker locates the plaintext Stripe secret key (beginning with 'sk_live_') or equivalent Razorpay/PayPal credential embedded in the HTML. …
Remediation Update the Cost Calculator Builder plugin to version 4.0.12 or later - a fix changeset has been committed to the WordPress plugin repository (see the Trac changeset reference: plugins.trac.wordpress.org/changeset?reponame=&old=3578557%40cost-calculator-builder&new=3578557%40cost-calculator-builder), though the exact released patched version number is inferred rather than explicitly confirmed in available data. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

EUVD-2026-43152 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy