VulnTitan VulnTitan Security command center
Plugin Vulnerability Hub
Plugin 5 known issues Latest disclosed Apr 15, 2024

WP Cost Estimation & Payment Forms Builder Vulnerabilities

Review known vulnerability records for the WordPress plugin WP Cost Estimation & Payment Forms Builder (`wp-estimation-form`), including severity, CVE references, affected versions, and patch status.

Recent tracked CVEs on this page include CVE-2024-32510, CVE-2024-32509 and CVE-2024-30489, so operators can jump from disclosure to patch validation without scanning the full feed first.

View on WordPress.org Back to Feed
Known Records
5
High or Critical
2
Patch Coverage
100%
Last Updated
Jan 08, 2026
Priority CVE Quick Links

Fast paths into WP Cost Estimation & Payment Forms Builder CVE reports

Start with the highest-signal CVE records for this WordPress plugin before scanning the full vulnerability feed.

Indexed CVEs
5
CVE-2024-30489 Critical 10.1.76
CVE-2024-30489 WP Cost Estimation & Payment Forms Builder SQL Injection

WP Cost Estimation & Payment Forms Builder <= 10.1.75 - Authenticated (Contributor+) SQL Injection

CVE-2019-25296 Critical 9.644
CVE-2019-25296 WP Cost Estimation & Payment Forms Builder Remote Code Execution

WP Cost Estimation <= 9.642 - Missing Authorization to Arbitrary File Upload/Delete

CVE-2019-25295 Medium 9.660
CVE-2019-25295 WP Cost Estimation & Payment Forms Builder Vulnerability

WP Cost Estimation < 9.660 - Upload Directory Traversal

CVE-2024-32510 Medium 10.1.76
CVE-2024-32510 WP Cost Estimation & Payment Forms Builder Cross-Site Scripting

WP Cost Estimation & Payment Forms Builder <= 10.1.75 - Reflected Cross-Site Scripting

CVE-2024-32509 Medium 10.1.77
CVE-2024-32509 WP Cost Estimation & Payment Forms Builder Vulnerability

WP Cost Estimation & Payment Forms Builder <= 10.1.76 - Missing Authorization

Coverage Snapshot

What this page helps you verify fast

This hub clusters every indexed record for WP Cost Estimation & Payment Forms Builder so operators can confirm whether a disclosed issue maps to the installed slug, version range, and patch path.

Patch Visibility
5 records include a published patch path, leaving 0 with no listed safe release yet.
Severity Mix
2 critical and 0 high severity findings.
Recent CVEs
CVE-2024-32510, CVE-2024-32509 and CVE-2024-30489
Reference Workflow
Jump from the hub into the full report when you need remediation notes, exploit context, CVSS vectors, or source references.
Triage First

Open the records most likely to drive action

These recent records surface the CVE strings, patch cues, and direct report links most operators need first.

Known Vulnerabilities

Reports for WP Cost Estimation & Payment Forms Builder

Sorted by latest disclosure date so newly published issues surface first.

Plugin Medium Patched: Yes CVE-2024-32510
CVE-2024-32510: WP Cost Estimation & Payment Forms Builder <= 10.1.75 - Reflected Cross-Site Scripting

The WP Cost Estimation & Payment Forms Builder plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 10.1.75 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to in...

Published
Apr 15, 2024
Patched Release
10.1.76
Affected Versions
Versions up to 10.1.75
Next Step
Update to 10.1.76 or newer if supported.
Open CVE-2024-32510 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2024-32509
CVE-2024-32509: WP Cost Estimation & Payment Forms Builder <= 10.1.76 - Missing Authorization

The WP Cost Estimation & Payment Forms Builder plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 10.1.76. This makes it possible for unauthenticated attackers to perform an unauthorized...

Published
Apr 15, 2024
Patched Release
10.1.77
Affected Versions
Versions up to 10.1.76
Next Step
Update to 10.1.77 or newer if supported.
Open CVE-2024-32509 Report Open CVE Reference
Plugin Critical Patched: Yes CVE-2024-30489
CVE-2024-30489: WP Cost Estimation & Payment Forms Builder <= 10.1.75 - Authenticated (Contributor+) SQL Injection

The WP Cost Estimation & Payment Forms Builder plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 10.1.75 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it pos...

Published
Mar 28, 2024
Patched Release
10.1.76
Affected Versions
Versions up to 10.1.75
Next Step
Update to 10.1.76 or newer if supported.
Open CVE-2024-30489 Report Open CVE Reference
Plugin Critical Patched: Yes CVE-2019-25296
CVE-2019-25296: WP Cost Estimation <= 9.642 - Missing Authorization to Arbitrary File Upload/Delete

The WP Cost Estimation plugin for WordPress is vulnerable to arbitrary file uploads and deletion due to missing file type validation in the lfb_upload_form and lfb_removeFile AJAX actions in versions up to, and including, 9.642. This makes it possible for unauthenticated attacker...

Published
Feb 14, 2019
Patched Release
9.644
Affected Versions
Versions before 9.644
Next Step
Update to 9.644 or newer if supported.
Open CVE-2019-25296 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2019-25295
CVE-2019-25295: WP Cost Estimation < 9.660 - Upload Directory Traversal

The WP Cost Estimation plugin for WordPress is vulnerable to Upload Directory Traversal in versions before 9.660 via the uploadFormFiles function. This allows attackers to overwrite any file with a whitelisted type on an affected site.

Published
Feb 14, 2019
Patched Release
9.660
Affected Versions
Versions before 9.660
Next Step
Update to 9.660 or newer if supported.
Open CVE-2019-25295 Report Open CVE Reference