Calculated Fields Form

Source repositories

https://plugins.svn.wordpress.org/calculated-fields-form

CVEs (10)

CVE	Vendor / Product	Sev	Risk	CVSS	EPSS	Published	Description
CVE-2024-2020	Codepeople Calculated Fields Form	Hig	0.47	7.2	0.02	Mar 13, 2024	The Calculated Fields Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the form page href parameter in all versions up to, and including, 5.1.56 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated…
CVE-2024-29759	Codepeople Calculated Fields Form	Hig	0.46	7.1	0.00	Mar 27, 2024	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CodePeople Calculated Fields Form allows Reflected XSS.This issue affects Calculated Fields Form: from n/a through 1.2.54.
CVE-2026-3986	Codepeople Calculated Fields Form	Med	0.42	6.4	0.00	Mar 13, 2026	The Calculated Fields Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the form settings in all versions up to, and including, 5.4.5.0. This is due to insufficient capability checks on the form settings save handler and insufficient input sanitization…
CVE-2024-0963	Codepeople Calculated Fields Form	Med	0.35	6.4	0.00	Feb 2, 2024	The Calculated Fields Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's CP_CALCULATED_FIELDS shortcode in all versions up to, and including, 1.2.52 due to insufficient input sanitization and output escaping on user supplied 'location'…
CVE-2023-6446	Codepeople Calculated Fields Form	Med	0.22	4.4	0.00	Jan 11, 2024	The Calculated Fields Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.2.40 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with…
CVE-2024-13382	WordPress Calculated Fields Form		0.00	—	0.00	May 15, 2025	The Calculated Fields Form WordPress plugin before 5.2.64 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in…
CVE-2024-13381	Calculated Fields Form Calculated Fields Form		0.00	—	0.00	May 1, 2025	The Calculated Fields Form WordPress plugin before 5.2.62 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in…
CVE-2024-12273	WordPress Calculated Fields Form		0.00	—	0.00	Apr 29, 2025	The Calculated Fields Form WordPress plugin before 5.2.62 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in…
CVE-2024-9940	Codepeople Calculated Fields Form		0.00	—	0.01	Oct 17, 2024	The Calculated Fields Form plugin for WordPress is vulnerable to HTML Injection in all versions up to, and including, 5.2.45. This is due to the plugin not properly neutralizing HTML elements from submitted forms. This makes it possible for unauthenticated attackers to inject…
CVE-2023-0389	WordPress Calculated Fields Form		0.00	—	0.00	Jan 16, 2024	The Calculated Fields Form WordPress plugin before 1.1.151 does not sanitise and escape some of its form settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for…

CVE-2024-2020HigMar 13, 2024
Codepeople
Calculated Fields Form
risk 0.47cvss 7.2epss 0.02
The Calculated Fields Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the form page href parameter in all versions up to, and including, 5.1.56 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated…
CVE-2024-29759HigMar 27, 2024
Codepeople
Calculated Fields Form
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CodePeople Calculated Fields Form allows Reflected XSS.This issue affects Calculated Fields Form: from n/a through 1.2.54.
CVE-2026-3986MedMar 13, 2026
Codepeople
Calculated Fields Form
risk 0.42cvss 6.4epss 0.00
The Calculated Fields Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the form settings in all versions up to, and including, 5.4.5.0. This is due to insufficient capability checks on the form settings save handler and insufficient input sanitization…
CVE-2024-0963MedFeb 2, 2024
Codepeople
Calculated Fields Form
risk 0.35cvss 6.4epss 0.00
The Calculated Fields Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's CP_CALCULATED_FIELDS shortcode in all versions up to, and including, 1.2.52 due to insufficient input sanitization and output escaping on user supplied 'location'…
CVE-2023-6446MedJan 11, 2024
Codepeople
Calculated Fields Form
risk 0.22cvss 4.4epss 0.00
The Calculated Fields Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.2.40 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with…
CVE-2024-13382May 15, 2025
WordPress
Calculated Fields Form
risk 0.00cvss —epss 0.00
The Calculated Fields Form WordPress plugin before 5.2.64 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in…
CVE-2024-13381May 1, 2025
Calculated Fields Form
Calculated Fields Form
risk 0.00cvss —epss 0.00
The Calculated Fields Form WordPress plugin before 5.2.62 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in…
CVE-2024-12273Apr 29, 2025
WordPress
Calculated Fields Form
risk 0.00cvss —epss 0.00
The Calculated Fields Form WordPress plugin before 5.2.62 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in…
CVE-2024-9940Oct 17, 2024
Codepeople
Calculated Fields Form
risk 0.00cvss —epss 0.01
The Calculated Fields Form plugin for WordPress is vulnerable to HTML Injection in all versions up to, and including, 5.2.45. This is due to the plugin not properly neutralizing HTML elements from submitted forms. This makes it possible for unauthenticated attackers to inject…
CVE-2023-0389Jan 16, 2024
WordPress
Calculated Fields Form
risk 0.00cvss —epss 0.00
The Calculated Fields Form WordPress plugin before 1.1.151 does not sanitise and escape some of its form settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for…