CVSS: 4.4EPSS: %CPEs: 1EXPL: 0CVE-2024-13382 – Calculated Fields Form <= 5.2.63 - Authenticated (Admin+) Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2024-13382
02 Mar 2025 — The Calculated Fields Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 5.2.63 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been d... • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-29759 – WordPress Calculated Fields Form plugin <= 1.2.54 - Reflected Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-29759
25 Mar 2024 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CodePeople Calculated Fields Form allows Reflected XSS.This issue affects Calculated Fields Form: from n/a through 1.2.54. La vulnerabilidad de neutralización inadecuada de la entrada durante la generación de páginas web ('cross-site Scripting') en CodePeople Calculated Fields Form permite el XSS reflejado. Este problema afecta el formulario de campos calculados: desde n/a hasta 1.2.54. The Calculated Field... • https://patchstack.com/database/vulnerability/calculated-fields-form/wordpress-calculated-fields-form-plugin-1-2-54-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2023-26523 – WordPress Calculated Fields Form plugin <= 1.1.120 - Missing Authorization Leading To Feedback Submission Vulnerability
https://notcve.org/view.php?id=CVE-2023-26523
02 Mar 2023 — Missing Authorization vulnerability in CodePeople Calculated Fields Form allows Functionality Misuse.This issue affects Calculated Fields Form: from n/a through 1.1.120. La vulnerabilidad de falta de autorización en CodePeople Calculated Fields Form permite un uso indebido de la funcionalidad. Este problema afecta a Calculated Fields Form: desde n/a hasta 1.1.120. The Calculated Fields Form plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.120. This is du... • https://patchstack.com/database/vulnerability/calculated-fields-form/wordpress-calculated-fields-form-plugin-1-1-120-missing-authorization-leading-to-feedback-submission-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) CWE-862: Missing Authorization •