cleantalk
Vulnerabilities and Security Researches

Calculated Fields Form, CVE-2024-13381

CVE, Research URL

CVE-2024-13381

Home page URL

Security reports for Calculated Fields Form

Application

Calculated Fields Form

Published on
May 01, 2025
Research Description
The Calculated Fields Form WordPress plugin before 5.2.62 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
Affected versions
Min -, max 5.2.62.
Status
vulnerable
Previous vulnerability researches
Simple Download Monitor (CVE-2025-24663) , Jan 26, 2025
Simple Download Monitor (CVE-2018-5212) , Jun 07, 2024
Simple Download Monitor (CVE-2021-24692) , Jun 07, 2024
Simple Download Monitor (CVE-2021-24694) , Jun 07, 2024
Simple Download Monitor (CVE-2021-24696) , Jun 07, 2024
New vulnerability
Database Toolset (CVE-2025-4222) , May 04, 2025
GmapsMania (CVE-2025-4131) , May 04, 2025
FULL – Cliente (CVE-2024-12023) , May 04, 2025
Flynax Bridge (CVE-2025-4179) , May 04, 2025
Flynax Bridge (CVE-2025-4177) , May 04, 2025