3 matches found
CVE-2024-0963
The Calculated Fields Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's CPCALCULATEDFIELDS shortcode in all versions up to, and including, 1.2.52 due to insufficient input sanitization and output escaping on user supplied 'location' attribute. This makes it...
CVE-2024-0963
The CVE-2024-0963 entry relates to the WordPress plugin Calculated Fields Form. It describes a Stored Cross-Site Scripting (XSS) flaw in the CP_CALCULATED_FIELDS shortcode, exploitable via the location attribute by authenticated users with contributor-level or higher permissions. Affected version...
WordPress Calculated Fields Form Plugin <= 1.2.52 is vulnerable to Cross Site Scripting (XSS)
Software Calculated Fields Form Type Plugin Vulnerable versions = 1.2.52 Fixed in 1.2.53 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-0963 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 51ba9c951440 Credits Richard Telleng...