129 matches found
WordPress plugin Calculated Fields Form security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
CVE-2024-13381
The Calculated Fields Form WordPress plugin before 5.2.62 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite setup...
CVE-2024-12273
The Calculated Fields Form WordPress plugin before 5.2.62 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite setup...
CVE-2024-13381 Calculated Fields Form < 5.2.62 - Admin+ Stored XSS
The Calculated Fields Form WordPress plugin before 5.2.62 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite setup...
CVE-2024-13381
CVE-2024-13381 affects the WordPress plugin Calculated Fields Form. The issue is that settings are not properly sanitised/escaped, enabling Stored XSS by high-privilege users (e.g., admins) even when unfiltered_html is disabled. The vulnerability is tied to versions before 5.2.62. Remediation: up...
WordPress plugin Calculated Fields Form security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
PT-2025-18362 · WordPress · Calculated Fields Form
Name of the Vulnerable Software and Affected Versions: Calculated Fields Form WordPress plugin versions prior to 5.2.62 Description: The issue concerns the Calculated Fields Form WordPress plugin, which does not properly sanitise and escape some of its settings. This could allow high-privilege...
CVE-2024-12273
The Calculated Fields Form WordPress plugin before 5.2.62 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite setup...
CVE-2024-12273 Calculated Fields Form < 5.2.62 - Admin+ Stored XSS
The Calculated Fields Form WordPress plugin before 5.2.62 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite setup...
PT-2025-18137 · WordPress · Calculated Fields Form
Name of the Vulnerable Software and Affected Versions: Calculated Fields Form WordPress plugin versions prior to 5.2.62 Description: The issue concerns the Calculated Fields Form WordPress plugin, which does not properly sanitise and escape some of its settings. This could allow high-privilege...
WordPress plugin Calculated Fields Form cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting vulnerabilit...
WordPress Calculated Fields Form plugin < 5.2.64 - Admin+ Stored XSS vulnerability
Admin+ Stored XSS vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin Calculated Fields Form versions < 5.2.64...
CVE-2024-29759
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CodePeople Calculated Fields Form allows Reflected XSS. This issue affects Calculated Fields Form: from n/a through 1.2.54...
CVE-2024-12601
The Calculated Fields Form plugin for WordPress is vulnerable to Denial of Service in all versions up to, and including, 5.2.63. This is due to unlimited height and width parameters for CAPTCHA images. This makes it possible for unauthenticated attackers to send multiple requests with large value...
CVE-2024-12601
CVE-2024-12601 is a confirmed Denial of Service vulnerability in the WordPress plugin Calculated Fields Form. The issue stems from unlimited height/width CAPTCHA parameters, enabling unauthenticated attackers to send oversized CAPTCHA requests and exhaust server resources. Affected software: Cal...
CVE-2024-12601 Calculated Fields Form <= 5.2.63 - Denial of Service
The Calculated Fields Form plugin for WordPress is vulnerable to Denial of Service in all versions up to, and including, 5.2.63. This is due to unlimited height and width parameters for CAPTCHA images. This makes it possible for unauthenticated attackers to send multiple requests with large value...
WordPress Calculated Fields Form plugin <= 5.2.63 - Denial of Service vulnerability
Denial of Service vulnerability discovered by Max Boll b0lli in WordPress Plugin Calculated Fields Form versions <= 5.2.63...
WordPress plugin Calculated Fields Form resource management error vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A resource management error...
PT-2024-17672 · WordPress · Calculated Fields Form
Name of the Vulnerable Software and Affected Versions: Calculated Fields Form plugin for WordPress versions up to, and including, 5.2.63 Description: The issue is related to unlimited height and width parameters for CAPTCHA images, allowing unauthenticated attackers to send multiple requests with...
CVE-2024-9940
The Calculated Fields Form plugin for WordPress is vulnerable to HTML Injection in all versions up to, and including, 5.2.45. This is due to the plugin not properly neutralizing HTML elements from submitted forms. This makes it possible for unauthenticated attackers to inject arbitrary HTML that...