Codepeople

Calculated Fields Form

14 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.5

CVE-2026-25368

  • EPSS 0.03%
  • Veröffentlicht 19.02.2026 08:26:59
  • Zuletzt bearbeitet 19.02.2026 20:25:38

Missing Authorization vulnerability in codepeople Calculated Fields Form calculated-fields-form allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Calculated Fields Form: from n/a through <= 5.4.4.1.

8.8

CVE-2025-49291

  • EPSS 0.03%
  • Veröffentlicht 06.06.2025 12:53:44
  • Zuletzt bearbeitet 02.07.2025 20:02:18

Cross-Site Request Forgery (CSRF) vulnerability in codepeople Calculated Fields Form allows Cross Site Request Forgery. This issue affects Calculated Fields Form: from n/a through 5.3.58.

4.8

CVE-2024-13382

Exploit
  • EPSS 0.06%
  • Veröffentlicht 15.05.2025 20:15:39
  • Zuletzt bearbeitet 23.05.2025 18:51:39

The Calculated Fields Form WordPress plugin before 5.2.64 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability ...

4.8

CVE-2024-13381

Exploit
  • EPSS 0.17%
  • Veröffentlicht 01.05.2025 06:00:03
  • Zuletzt bearbeitet 07.05.2025 20:09:19

The Calculated Fields Form WordPress plugin before 5.2.62 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability ...

3.5

CVE-2024-12273

Exploit
  • EPSS 0.17%
  • Veröffentlicht 29.04.2025 06:00:02
  • Zuletzt bearbeitet 29.04.2025 21:05:10

The Calculated Fields Form WordPress plugin before 5.2.62 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability ...

5.3

CVE-2024-12601

  • EPSS 0.54%
  • Veröffentlicht 17.12.2024 12:15:20
  • Zuletzt bearbeitet 05.06.2025 15:30:01

The Calculated Fields Form plugin for WordPress is vulnerable to Denial of Service in all versions up to, and including, 5.2.63. This is due to unlimited height and width parameters for CAPTCHA images. This makes it possible for unauthenticated attac...

4.3

CVE-2024-9940

  • EPSS 0.7%
  • Veröffentlicht 17.10.2024 02:15:04
  • Zuletzt bearbeitet 05.06.2025 16:40:26

The Calculated Fields Form plugin for WordPress is vulnerable to HTML Injection in all versions up to, and including, 5.2.45. This is due to the plugin not properly neutralizing HTML elements from submitted forms. This makes it possible for unauthent...

4.3

CVE-2023-26523

  • EPSS 0.25%
  • Veröffentlicht 03.06.2024 22:15:10
  • Zuletzt bearbeitet 10.03.2025 18:04:58

Missing Authorization vulnerability in CodePeople Calculated Fields Form allows Functionality Misuse.This issue affects Calculated Fields Form: from n/a through 1.1.120.

6.1

CVE-2024-29759

  • EPSS 0.2%
  • Veröffentlicht 27.03.2024 14:15:10
  • Zuletzt bearbeitet 10.03.2025 16:02:07

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CodePeople Calculated Fields Form allows Reflected XSS.This issue affects Calculated Fields Form: from n/a through 1.2.54.

6.1

CVE-2024-2020

  • EPSS 1.91%
  • Veröffentlicht 13.03.2024 16:15:31
  • Zuletzt bearbeitet 23.05.2025 14:44:02

The Calculated Fields Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the form page href parameter in all versions up to, and including, 5.1.56 due to insufficient input sanitization and output escaping. This makes it possi...