CVE-2024-9940 Calculated Fields Form <= 5.2.45 - HTML Injection

The Calculated Fields Form plugin for WordPress is vulnerable to HTML Injection in all versions up to, and including, 5.2.45. This is due to the plugin not properly neutralizing HTML elements from submitted forms. This makes it possible for unauthenticated attackers to inject arbitrary HTML that...

CVE-2024-9940

CVE-2024-9940 affects the WordPress plugin Calculated Fields Form (versions

WordPress plugin Calculated Fields Form 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

WordPress Calculated Fields Form plugin <= 5.2.45 - HTML Injection vulnerability

HTML Injection vulnerability discovered by Max Boll b0lli in WordPress Plugin Calculated Fields Form versions = 5.2.45...

PT-2024-39953 · WordPress · Calculated Fields Form

Name of the Vulnerable Software and Affected Versions: Calculated Fields Form plugin for WordPress versions up to, and including, 5.2.45 Description: The issue is due to the plugin not properly neutralizing HTML elements from submitted forms, making it possible for unauthenticated attackers to...

WordPress Calculated Fields Form Plugin <= 5.2.45 is vulnerable to Content Injection

Software Calculated Fields Form Type Plugin Vulnerable versions = 5.2.45 Fixed in 5.2.46 OWASP Top 10 A3: Injection Classification Content Injection CVE CVE-2024-9940 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID bb237d0845c6 Credits Max Boll b0lli Required privile...

CVE-2023-26523

Missing Authorization vulnerability in CodePeople Calculated Fields Form allows Functionality Misuse.This issue affects Calculated Fields Form: from n/a through 1.1.120...

CVE-2023-26523

Missing Authorization vulnerability in CodePeople Calculated Fields Form allows Functionality Misuse.This issue affects Calculated Fields Form: from n/a through 1.1.120...

CVE-2023-26523 WordPress Calculated Fields Form plugin <= 1.1.120 - Missing Authorization Leading To Feedback Submission Vulnerability

Missing Authorization vulnerability in CodePeople Calculated Fields Form allows Functionality Misuse.This issue affects Calculated Fields Form: from n/a through 1.1.120...

CVE-2023-26523 WordPress Calculated Fields Form plugin <= 1.1.120 - Missing Authorization Leading To Feedback Submission Vulnerability

Missing Authorization vulnerability in CodePeople Calculated Fields Form allows Functionality Misuse.This issue affects Calculated Fields Form: from n/a through 1.1.120...

CVE-2024-29759

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in CodePeople Calculated Fields Form allows Reflected XSS.This issue affects Calculated Fields Form: from n/a through 1.2.54...

CVE-2024-29759

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in CodePeople Calculated Fields Form allows Reflected XSS.This issue affects Calculated Fields Form: from n/a through 1.2.54...

CVE-2024-29759

CVE-2024-29759 affects WordPress plugin Calculated Fields Form (CodePeople). Affected versions: up to 1.2.54. Root cause: improper neutralization of input during web page generation, enabling Reflected XSS. Public exploit details are not provided in the connected documents. No remediation details...

CVE-2024-29759 WordPress Calculated Fields Form plugin <= 1.2.54 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in CodePeople Calculated Fields Form allows Reflected XSS.This issue affects Calculated Fields Form: from n/a through 1.2.54...

CVE-2024-29759 WordPress Calculated Fields Form plugin <= 1.2.54 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in CodePeople Calculated Fields Form allows Reflected XSS.This issue affects Calculated Fields Form: from n/a through 1.2.54...

WordPress Plugin Calculated Fields Form 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...

WordPress Calculated Fields Form Plugin <= 1.2.54 is vulnerable to Cross Site Scripting (XSS)

Software Calculated Fields Form Type Plugin Vulnerable versions = 1.2.54 Fixed in 1.2.55 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-29759 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 65b9391ce7f8 Credits Rafie Muhammad Patchsta...

CVE-2024-2020

The Calculated Fields Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the form page href parameter in all versions up to, and including, 5.1.56 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

CVE-2024-2020

The Calculated Fields Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the form page href parameter in all versions up to, and including, 5.1.56 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

CVE-2024-2020 Calculated Fields Form Professional <= 5.1.56 - Unauthenticated Stored Cross-Site Scripting

The Calculated Fields Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the form page href parameter in all versions up to, and including, 5.1.56 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...