VYPR

Calculated Fields Form

by Codepeople

Source repositories

CVEs (11)

  • CVE-2024-2020HigMar 13, 2024
    risk 0.47cvss 7.2epss 0.01

    The Calculated Fields Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the form page href parameter in all versions up to, and including, 5.1.56 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated…

  • CVE-2024-29759HigMar 27, 2024
    risk 0.46cvss 7.1epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CodePeople Calculated Fields Form allows Reflected XSS.This issue affects Calculated Fields Form: from n/a through 1.2.54.

  • CVE-2026-3986MedMar 13, 2026
    risk 0.42cvss 6.4epss 0.00

    The Calculated Fields Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the form settings in all versions up to, and including, 5.4.5.0. This is due to insufficient capability checks on the form settings save handler and insufficient input sanitization…

  • CVE-2024-0963MedFeb 2, 2024
    risk 0.35cvss 6.4epss 0.00

    The Calculated Fields Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's CP_CALCULATED_FIELDS shortcode in all versions up to, and including, 1.2.52 due to insufficient input sanitization and output escaping on user supplied 'location'…

  • CVE-2025-49291MedJun 6, 2025
    risk 0.28cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in codepeople Calculated Fields Form calculated-fields-form allows Cross Site Request Forgery.This issue affects Calculated Fields Form: from n/a through <= 5.3.58.

  • CVE-2023-51517MedDec 29, 2023
    risk 0.27cvss 4.1epss 0.00

    URL Redirection to Untrusted Site ('Open Redirect') vulnerability in CodePeople Calculated Fields Form.This issue affects Calculated Fields Form: from n/a through 1.2.28.

  • CVE-2023-6446MedJan 11, 2024
    risk 0.22cvss 4.4epss 0.00

    The Calculated Fields Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.2.40 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with…

  • CVE-2024-13381May 1, 2025
    risk 0.00cvss epss 0.00

    The Calculated Fields Form WordPress plugin before 5.2.62 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in…

  • CVE-2024-12601Dec 17, 2024
    risk 0.00cvss epss 0.01

    The Calculated Fields Form plugin for WordPress is vulnerable to Denial of Service in all versions up to, and including, 5.2.63. This is due to unlimited height and width parameters for CAPTCHA images. This makes it possible for unauthenticated attackers to send multiple…

  • CVE-2024-9940Oct 17, 2024
    risk 0.00cvss epss 0.00

    The Calculated Fields Form plugin for WordPress is vulnerable to HTML Injection in all versions up to, and including, 5.2.45. This is due to the plugin not properly neutralizing HTML elements from submitted forms. This makes it possible for unauthenticated attackers to inject…

  • CVE-2023-26523Jun 3, 2024
    risk 0.00cvss epss 0.00

    Missing Authorization vulnerability in CodePeople Calculated Fields Form allows Functionality Misuse.This issue affects Calculated Fields Form: from n/a through 1.1.120.