CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Cross-Site Request Forgery CSRF vulnerability in codepeople Calculated Fields Form calculated-fields-form allows Cross Site Request Forgery.This issue affects Calculated Fields Form: from n/a through = 5.3.58...

8.8CVSS5.9AI score0.0016EPSS

Exploits0References1

NVD•added 2025/06/06 1:15 p.m.•10 views

CVE-2025-49291

8.8CVSS0.0016EPSS

Exploits0References1

OSV•added 2025/06/06 1:15 p.m.•3 views

CVE-2025-49291

Cross-Site Request Forgery CSRF vulnerability in codepeople Calculated Fields Form allows Cross Site Request Forgery. This issue affects Calculated Fields Form: from n/a through 5.3.58...

8.8CVSS5.8AI score0.0016EPSS

Exploits0References1

CVE•added 2025/06/06 12:53 p.m.•48 views

CVE-2025-49291

CVE-2025-49291 is a CSRF vulnerability in Calculated Fields Form. The issue affects the plugin for WordPress versions from unspecified earliest up to v5.3.58. NVD’s entry lists a high base CVSS v3.1 of 8.8 (CONF: HIGH, IMPACT: HIGH) with attack vector NETWORK and user interaction REQUIRED, indica...

8.8CVSS5.9AI score0.0016EPSS

Exploits0References1Affected Software1

Cvelist•added 2025/06/06 12:53 p.m.•15 views

CVE-2025-49291 WordPress Calculated Fields Form plugin <= 5.3.58 - Cross Site Request Forgery (CSRF) Vulnerability

4.3CVSS0.0016EPSS

Exploits0References1

Vulnrichment•added 2025/06/06 12:53 p.m.•7 views

CVE-2025-49291 WordPress Calculated Fields Form <= 5.3.58 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery CSRF vulnerability in codepeople Calculated Fields Form allows Cross Site Request Forgery. This issue affects Calculated Fields Form: from n/a through 5.3.58...

4.3CVSS7.2AI score0.0016EPSS

Exploits0References1

CNNVD•added 2025/06/06 12:0 a.m.•2 views

WordPress plugin Calculated Fields Form 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site request forgery vulnerability...

8.8CVSS4.8AI score0.0016EPSS

Exploits0References1

Positive Technologies•added 2025/06/06 12:0 a.m.•7 views

PT-2025-24225 · Unknown · Calculated Fields Form

Name of the Vulnerable Software and Affected Versions: Calculated Fields Form versions 5.3.58 and earlier Description: A Cross-Site Request Forgery CSRF issue affects the Calculated Fields Form, allowing unauthorized actions to be performed on behalf of a user. Recommendations: For versions 5.3.5...

8.8CVSS4.6AI score0.0016EPSS

Exploits0References5

RedhatCVE•added 2025/05/23 4:40 a.m.•14 views

CVE-2023-0389

The Calculated Fields Form WordPress plugin before 1.1.151 does not sanitise and escape some of its form settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite set...

4.8CVSS5.6AI score0.00473EPSS

Exploits2References1

RedhatCVE•added 2025/05/23 3:29 a.m.•10 views

CVE-2023-26523

Missing Authorization vulnerability in CodePeople Calculated Fields Form allows Functionality Misuse.This issue affects Calculated Fields Form: from n/a through 1.1.120...

4.3CVSS6.9AI score0.00313EPSS

Exploits0References1

RedhatCVE•added 2025/05/23 2:17 a.m.•7 views

CVE-2023-51517

URL Redirection to Untrusted Site 'Open Redirect' vulnerability in CodePeople Calculated Fields Form.This issue affects Calculated Fields Form: from n/a through 1.2.28...

5.4CVSS6.7AI score0.00294EPSS

Exploits1References1

OSV•added 2025/05/15 8:15 p.m.•3 views

CVE-2024-13382

The Calculated Fields Form WordPress plugin before 5.2.64 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS5.8AI score0.00266EPSS

Exploits1References1

NVD•added 2025/05/15 8:15 p.m.•8 views

CVE-2024-13382

4.8CVSS0.00266EPSS

Exploits1References1

Vulnrichment•added 2025/05/15 8:7 p.m.•7 views

CVE-2024-13382 Calculated Fields Form < 5.2.64 - Admin+ Stored XSS

4.7AI score0.00266EPSS

Exploits1References1

Cvelist•added 2025/05/15 8:7 p.m.•14 views

CVE-2024-13382 Calculated Fields Form < 5.2.64 - Admin+ Stored XSS

0.00266EPSS

Exploits1References1

CVE•added 2025/05/15 8:7 p.m.•38 views

CVE-2024-13382

CVE-2024-13382 – Calculated Fields Form (WordPress) is a stored XSS vulnerability in versions before 5.2.64 caused by insufficient sanitization/escaping of certain settings. Exploitation requires authenticated admin-level access (Admin+), and can occur even when unfiltered_html is disallowed (e.g...

4.8CVSS5.7AI score0.00266EPSS

Exploits1References1Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by