- Description
- The Calculated Fields Form plugin for WordPress is vulnerable to HTML Injection in all versions up to, and including, 5.2.45. This is due to the plugin not properly neutralizing HTML elements from submitted forms. This makes it possible for unauthenticated attackers to inject arbitrary HTML that will render when the administrator views form submissions in their email.
- Source
- security@wordfence.com
- NVD status
- Awaiting Analysis
CVSS 3.1
- Type
- Primary
- Base score
- 5.3
- Impact score
- 1.4
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
- Severity
- MEDIUM
- security@wordfence.com
- CWE-75
- Hype score
- Not currently trending
CVE-2024-9940 HTML Injection in WordPress Calculated Fields Form Plugin ... https://t.co/pUre46HqHI Don't wait for vulnerability scanning results: https://t.co/oh1APvMMnd
@VulmonFeeds
🔔 Security alert! Vulnerability CVE-2024-9940 detected in the "Calculated Fields Form" plugin for WordPress. All versions up to 5.2.45 are susceptible to HTML injection due to the lack of proper neutralization of HTML elements in submitted forms. 🚨
@antu_tech