Medium severity5.3NVD Advisory· Published Oct 17, 2024· Updated Jun 17, 2026
CVE-2024-9940
CVE-2024-9940
Description
The Calculated Fields Form plugin for WordPress is vulnerable to HTML Injection in all versions up to, and including, 5.2.45. This is due to the plugin not properly neutralizing HTML elements from submitted forms. This makes it possible for unauthenticated attackers to inject arbitrary HTML that will render when the administrator views form submissions in their email.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3<=5.2.45+ 1 more
- (no CPE)range: <=5.2.45
- (no CPE)range: 0
Patches
Vulnerability mechanics
References
2- plugins.trac.wordpress.org/changesetnvdPatch
- www.wordfence.com/threat-intel/vulnerabilities/id/e2c9f6a5-8698-4452-bf0a-c1d796b2fdadnvdThird Party Advisory
News mentions
0No linked articles in our index yet.