The Cost Calculator Builder plugin for WordPress, up to and including version 4.0.11, is vulnerable to Sensitive Information Exposure. This vulnerability allows unauthenticated attackers to extract plaintext Stripe secret keys, Razorpay secret keys, and PayPal client secrets from the page source of any page containing a calculator. This exposure occurs when the 'use in all calculators' option is enabled f [truncated]
The CVE record was published on 2026-07-11T04:17:16.650Z and has not been modified since then. The NVD entry is currently Received. This vulnerability affects the Motors – Car Dealership & Classified Listings Plugin for WordPress, specifically versions up to and including 1.4.112. The vulnerability class is Stored Cross-Site Scripting via Comment Content and User Biographical Info. The likely operational [truncated]