Overview
- Description
- The Calculated Fields Form plugin for WordPress is vulnerable to HTML Injection in all versions up to, and including, 5.2.45. This is due to the plugin not properly neutralizing HTML elements from submitted forms. This makes it possible for unauthenticated attackers to inject arbitrary HTML that will render when the administrator views form submissions in their email.
- Source
- security@wordfence.com
- NVD status
- Awaiting Analysis
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 5.3
- Impact score
- 1.4
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
- Severity
- MEDIUM
Weaknesses
- security@wordfence.com
- CWE-75
Social media
- Hype score
- Not currently trending
CVE-2024-9940 HTML Injection in WordPress Calculated Fields Form Plugin ... https://t.co/pUre46HqHI Don't wait for vulnerability scanning results: https://t.co/oh1APvMMnd
@VulmonFeeds
🔔 Security alert! Vulnerability CVE-2024-9940 detected in the "Calculated Fields Form" plugin for WordPress. All versions up to 5.2.45 are susceptible to HTML injection due to the lack of proper neutralization of HTML elements in submitted forms. 🚨
@antu_tech