CVE-2024-12601

EPSS 0.54%
Veröffentlicht 17.12.2024 12:15:20
Zuletzt bearbeitet 05.06.2025 15:30:01
Quelle security@wordfence.com
CVE-Watchlists
Login
Unerledigt
Login

Calculated Fields Form <= 5.2.63 - Denial of Service

The Calculated Fields Form plugin for WordPress is vulnerable to Denial of Service in all versions up to, and including, 5.2.63. This is due to unlimited height and width parameters for CAPTCHA images. This makes it possible for unauthenticated attackers to send multiple requests with large values, resulting in slowing server resources if the server does not mitigate Denial of Service attacks.

Mögliche Gegenmaßnahme

Calculated Fields Form: Update to version 5.2.64, or a newer patched version

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 8

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Weitere Schwachstelleninformationen

SystemWordPress Plugin

≫

Produkt Calculated Fields Form

Version *-5.2.63

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Codepeople ≫ Calculated Fields Form SwPlatformwordpress Version < 5.2.64

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.54%	0.669

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
security@wordfence.com	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CWE-400 Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

https://plugins.trac.wordpress.org/browser/calculated-fields-form/trunk/captcha/captcha.php#L74

Product

https://plugins.trac.wordpress.org/browser/calculated-fields-form/trunk/captcha/captcha.php#L75

Product

https://plugins.trac.wordpress.org/changeset/3207826/

Patch

https://www.wordfence.com/threat-intel/vulnerabilities/id/1eade2ed-9a75-4857-a2c5-a21e016e7029?source=cve

Third Party Advisory

https://www.wordfence.com/threat-intel/vulnerabilities/id/1eade2ed-9a75-4857-a2c5-a21e016e7029

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-12601

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-12601

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-12601

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2024-12601