129 matches found
CVE-2023-51517 WordPress Calculated Fields Form Plugin <= 1.2.28 is vulnerable to Open Redirection
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in CodePeople Calculated Fields Form. This issue affects Calculated Fields Form: from n/a through 1.2.28...
CVE-2023-51517
The CVE-2023-51517 vulnerability affects the WordPress Calculated Fields Form plugin, with vulnerable versions listed as
WordPress Plugin Calculated Fields Form Input Validation Error Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. An input validation error vulnerability exists in...
PT-2023-31843 · Codepeople · Calculated Fields Form
Name of the Vulnerable Software and Affected Versions: Calculated Fields Form versions 1.2.28 and earlier Description: The issue is related to a URL Redirection to Untrusted Site, also known as an 'Open Redirect' vulnerability, in CodePeople Calculated Fields Form. This vulnerability allows for...
WordPress Calculated Fields Form Plugin <= 1.2.28 is vulnerable to Open Redirection
Software: Calculated Fields Form · Type: Plugin · Vulnerable versions: <= 1.2.28 · Fixed in: 1.2.29 · OWASP Top 10: A3: Injection · Classification: Open Redirection · CVE: CVE-2023-51517 · Patch priority: Low · CVSS severity: Low (4.1) · PSID: 4cc332044480 · Credits: Ngô Thiên An ancorn from VNPT-VCI...
Calculated Fields Form < 1.2.41 - Authenticated (Admin+) Stored Cross-Site Scripting
Description The Calculated Fields Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.2.40 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
WordPress Calculated Fields Form Plugin <= 1.2.40 is vulnerable to Cross Site Scripting (XSS)
Software: Calculated Fields Form · Type: Plugin · Vulnerable versions: <= 1.2.40 · Fixed in: 1.2.41 · OWASP Top 10: A7: Cross-Site Scripting (XSS) · Classification: Cross Site Scripting (XSS) · CVE: CVE-2023-6446 · Patch priority: Low · CVSS severity: Low (5.9) · PSID: 412adf4208bf · Credits: emad · Required...
WordPress plugin Calculated Fields Form Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A security vulnerability exists in the WordPress plugin...
WordPress Calculated Fields Form Plugin <= 1.1.120 is vulnerable to Other Vulnerability Type
Software: Calculated Fields Form · Type: Plugin · Vulnerable versions: <= 1.1.120 · Fixed in: 1.1.121 · OWASP Top 10: A5: Broken Access Control · Classification: Other Vulnerability Type · CVE: CVE-2023-26523 · Patch priority: Low · CVSS severity: Low (4.3) · PSID: b1f5377f573e · Credits: István Márton...
Calculated Fields Form < 1.1.151 - Admin+ Stored Cross-Site Scripting via Dropdown Fields
The plugin does not sanitise and escape some of its form settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). Partial fixes were implemented in versions...
WordPress Calculated Fields Form Plugin Cross Site Scripting (CVE-2020-7228)
A stored cross-site scripting vulnerability exists in Calculated Fields Form plugin of WordPress. The vulnerability is due to insufficient sanitization of user input to "field name" and "form name" of a form in the web application of the plugin...
The vulnerability of the CRM system Odoo Community Edition and the ERP system Odoo Enterprise Edition lies in errors in processing non-stored calculated fields by the superuser, allowing attackers to escalate their privileges.
The vulnerability of the CRM system Odoo Community Edition and the ERP system Odoo Enterprise Edition is related to errors in processing non-saved calculated fields by the superuser. Exploiting this vulnerability can allow an attacker to enhance their privileges within the target system by sendin...
WordPress Calculated Fields Form Plugin <= 1.0.353 XSS Vulnerabilities
The WordPress plugin... SPDX-FileCopyrightText: 2020 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only. if(description) { script_oid("1.3.6.1.4.1.25623.1.0.113633");...
CVE-2020-7228
The Calculated Fields Form plugin through 1.0.353 for WordPress suffers from multiple Stored XSS vulnerabilities present in the input forms. These can be exploited by an authenticated user...
Cross site scripting
The Calculated Fields Form plugin through 1.0.353 for WordPress suffers from multiple Stored XSS vulnerabilities present in the input forms. These can be exploited by an authenticated user...
CVE-2020-7228
CVE-2020-7228 affects WordPress Calculated Fields Form plugin (versions
WordPress Calculated Fields Form plugin <= 1.0.353 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting (XSS) vulnerability found by Ben Armstrong (Spider Sec Ltd) in WordPress Calculated Fields Form plugin (versions <= 1.0.353). Solution: Update the WordPress Calculated Fields Form plugin to the latest available version (at least 1.0.354)...