5.3

CVE-2024-12601

Calculated Fields Form <= 5.2.63 - Denial of Service

Calculated Fields Form <= 5.2.63 - Denial of Service

The Calculated Fields Form plugin for WordPress is vulnerable to Denial of Service in all versions up to, and including, 5.2.63. This is due to unlimited height and width parameters for CAPTCHA images. This makes it possible for unauthenticated attackers to send multiple requests with large values, resulting in slowing server resources if the server does not mitigate Denial of Service attacks.
Mögliche Gegenmaßnahme
Calculated Fields Form: Update to version 5.2.64, or a newer patched version
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
CodepeopleCalculated Fields Form SwPlatformwordpress Version < 5.2.64
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Weitere Schwachstelleninformationen
SystemWordPress Plugin
Produkt Calculated Fields Form
Version *-5.2.63
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.54% 0.413
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
security@wordfence.com 5.3 3.9 1.4
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
CWE-400 Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

https://plugins.trac.wordpress.org/browser/calculated-fields-form/trunk/captcha/captcha.php#L74
Product
https://plugins.trac.wordpress.org/browser/calculated-fields-form/trunk/captcha/captcha.php#L75
Product
https://plugins.trac.wordpress.org/changeset/3207826/
Patch
https://www.wordfence.com/threat-intel/vulnerabilities/id/1eade2ed-9a75-4857-a2c5-a21e016e7029?source=cve
Third Party Advisory
https://www.wordfence.com/threat-intel/vulnerabilities/id/1eade2ed-9a75-4857-a2c5-a21e016e7029
Third Party Advisory