ThreatPress

WordPress Vulnerabilities Database

WordPress Calculated Fields Form plugin <= 1.0.353 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Product
Calculated Fields Form
Description
An authenticated stored Cross-Site Scripting (XSS) vulnerability was found by Ben Armstrong (Spider Sec Ltd) in the WordPress Calculated Fields Form plugin (versions <= 1.0.353).
Solution
Update the WordPress Calculated Fields Form plugin to the latest available version (at least 1.0.354).
Classification
Type: XSS (Cross Site Scripting)
OWASP Top 10: A3: Cross Site Scripting (XSS)
References
Plugin changelog
CVE
Name: CVE-2020-7228
Versions
Affected In: <= 1.0.353
Fixed In: 1.0.354
Disclosure date
2020-01-22
Credits
Ben Armstrong (Spider Sec Ltd)
Submitter
ThreatPress