13 matches found
CVE-2020-7228
CVE-2020-7228 affects WordPress Calculated Fields Form plugin (versions
CVE-2024-12273
CVE-2024-12273 – Affected software: WordPress plugin Calculated Fields Form (versions
CVE-2024-29759
CVE-2024-29759 affects WordPress plugin Calculated Fields Form (CodePeople). Affected versions: up to 1.2.54. Root cause: improper neutralization of input during web page generation, enabling Reflected XSS. Public exploit details are not provided in the connected documents. No remediation details...
CVE-2024-9940
CVE-2024-9940 affects the WordPress plugin Calculated Fields Form (versions
CVE-2023-26523
CVE-2023-26523 affects the WordPress plugin Calculated Fields Form (versions up to 1.1.120). The root cause is Missing Authorization, enabling functionality misuse through feedback submission. Public reports describe the vulnerability as a Missing Authorization issue in Calculated Fields Form tha...
CVE-2024-2020
CVE-2024-2020 affects the Calculated Fields Form plugin for WordPress. It enables Stored XSS via the form page href parameter in versions up to 5.1.56 due to insufficient input sanitization and output escaping. Exploitation is possible by unauthenticated attackers and would trigger when users vis...
CVE-2024-12601
CVE-2024-12601 is a confirmed Denial of Service vulnerability in the WordPress plugin Calculated Fields Form. The issue stems from unlimited height/width CAPTCHA parameters, enabling unauthenticated attackers to send oversized CAPTCHA requests and exhaust server resources. Affected software: Cal...
CVE-2024-13381
CVE-2024-13381 affects the WordPress plugin Calculated Fields Form. The issue is that settings are not properly sanitised/escaped, enabling Stored XSS by high-privilege users (e.g., admins) even when unfiltered_html is disabled. The vulnerability is tied to versions before 5.2.62. Remediation: up...
CVE-2023-0389
CVE-2023-0389 affects the Calculated Fields Form WordPress plugin up to version 1.1.150 (fixed in 1.1.151+). The issue is insufficient sanitisation/escaping of certain form settings, enabling Stored Cross-Site Scripting by high-privilege users (e.g., admins), potentially in multisite setups. Reme...
CVE-2025-49291
CVE-2025-49291 is a CSRF vulnerability in Calculated Fields Form. The issue affects the WordPress plugin in versions up to v5.3.58; the earliest affected version is unspecified. NVD’s entry lists a high CVSS v3.1 base score of 8.8 (CONF: HIGH, IMPACT: HIGH) with attack vector NETWORK and user interaction REQUIRED, indica...
CVE-2024-0963
The CVE-2024-0963 entry relates to the WordPress plugin Calculated Fields Form. It describes a Stored Cross-Site Scripting (XSS) flaw in the CP_CALCULATED_FIELDS shortcode, exploitable via the location attribute by authenticated users with contributor-level or higher permissions. Affected version...
CVE-2023-51517
The CVE-2023-51517 vulnerability affects the WordPress Calculated Fields Form plugin, with vulnerable versions listed as
CVE-2024-13382
CVE-2024-13382 – Calculated Fields Form (WordPress) is a stored XSS vulnerability in versions before 5.2.64 caused by insufficient sanitization/escaping of certain settings. Exploitation requires authenticated admin-level access (Admin+), and can occur even when unfiltered_html is disallowed (e.g...