The Calculated Fields Form plugin for WordPress is vulnerable to HTML Injection in all versions up to, and including, 5.2.45 due to the plugin not properly neutralizing HTML elements from submitted forms. This allows unauthenticated attackers to inject arbitrary HTML that renders in the administrator's email view of form submissions.
Title | Published | Views | Family |
---|---|---|---|
CVE-2024-9940 Calculated Fields Form <= 5.2.45 - HTML Injection | 17 Oct 2024 02:06 | – | vulnrichment |
CVE-2024-9940 Calculated Fields Form <= 5.2.45 - HTML Injection | 17 Oct 2024 02:06 | – | cvelist |
WordPress Calculated Fields Form Plugin <= 5.2.45 is vulnerable to Content Injection | 16 Oct 2024 00:00 | – | patchstack |
CVE-2024-9940 | 17 Oct 2024 02:15 | – | cve |
Wordfence Intelligence Weekly WordPress Vulnerability Report (October 14, 2024 to October 20, 2024) | 24 Oct 2024 15:33 | – | wordfence |