CVE-2024-43144

CRITICAL NUCLEI

StylemixThemes Cost Calculator <3.2.15 - SQL Injection

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2024-43144. PoCs published by Sechunt3r. A Nuclei detection template is also available.

AI-analyzed exploit summary: This repository contains a functional exploit for CVE-2024-43144, an unauthenticated SQL injection vulnerability in the Cost Calculator Builder WordPress plugin. The exploit includes a Nuclei template and a Bash script that confirm the vulnerability via time-based blind SQL injection.

Description

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in StylemixThemes Cost Calculator Builder allows SQL Injection. This issue affects Cost Calculator Builder: from n/a through 3.2.15.

Exploits (1)

github WORKING POC
by Sechunt3r · shell · poc
https://github.com/Sechunt3r/CVE-POCs/tree/main/CVE-2024-43144

Classification: Working PoC 95%
Attack Type: SQLi
Complexity: Moderate
Reliability: Reliable
Target: Cost Calculator Builder WordPress plugin <= 3.2.15
No auth needed
Prerequisites: WordPress site with Cost Calculator Builder plugin <= 3.2.15 · Access to the target site
devstral-2 · analyzed Mar 10, 2026

Nuclei Templates (1)

Cost Calculator Builder <= 3.2.15 - SQL Injection
CRITICAL · VERIFIED · by Shivam Kamboj

Scores

CVSS v3 9.3
EPSS 0.0200
EPSS Percentile 78.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact partial

Details

CWE CWE-89
Status published
Products (2)
StylemixThemes/Cost Calculator Builder < 3.2.15
stylemixthemes/cost_calculator_builder < 3.2.16
Published Aug 29, 2024
Tracked Since Feb 18, 2026