CVSS: 7.1 | EPSS: 0% | CPEs: 1 | EXPL: 0

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CodePeople Calculated Fields Form allows Reflected XSS. This issue affects Calculated Fields Form: from n/a through 1.2.54.

The Calculated Fields Form plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via multiple parameters in versions up to, and including, 1.2.54 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts into pages; the scripts execute if the attacker can successfully trick a user into performing an action such as clicking on a link.

• https://patchstack.com/database/vulnerability/calculated-fields-form/wordpress-calculated-fields-form-plugin-1-2-54-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 4.3 | EPSS: 0% | CPEs: 1 | EXPL: 0

Missing Authorization vulnerability in CodePeople Calculated Fields Form allows Functionality Misuse. This issue affects Calculated Fields Form: from n/a through 1.1.120.

The Calculated Fields Form plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.120. This is due to missing or incorrect nonce validation on the feedback_action function.

• https://patchstack.com/database/vulnerability/calculated-fields-form/wordpress-calculated-fields-form-plugin-1-1-120-missing-authorization-leading-to-feedback-submission-vulnerability?_s_id=cve
• CWE-352: Cross-Site Request Forgery (CSRF)
• CWE-862: Missing Authorization