
Calculated Fields Form — Vulnerabilities & Security Advisories (15)

All 15 CVE vulnerabilities found in Calculated Fields Form, with AI-generated Chinese analysis, references, and POCs.

This page documents known vulnerabilities and weaknesses associated with the Calculated Fields Form plugin, a popular WordPress extension developed by Acro Themes. It aggregates security issues identified in this specific product, focusing primarily on web application vulnerabilities such as cross-site scripting, unauthorized access, and injection flaws that may arise from inadequate input validation or poor access controls within the form generation logic. The collection includes detailed records of disclosed security incidents, ranging from early releases to recent updates, ensuring a comprehensive historical perspective on the plugin’s security posture over time. By centralizing these records, the page allows developers, security researchers, and site administrators to track the vendor’s advisory history and understand the evolution of specific weakness classes like IDOR or CSRF within the context of this tool. Users can explore the complete vulnerability history of Calculated Fields Form to assess potential risks, verify patch status, and compare security incidents across different versions. This resource serves as a reference for understanding the security landscape of the plugin, enabling informed decisions regarding updates, configuration hardening, and risk mitigation strategies. Whether you are auditing a site for compliance or researching common failure points in form-building tools, this page provides a structured overview of all recorded security defects without requiring prior knowledge of specific CVE identifiers.

Vendor: CodePeople

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2026-3986 | Calculated Fields Form <= 5.4.5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Form Settings | CWE-79 | 6.4 | Medium | 2026-03-13 |
| CVE-2026-25368 | WordPress Calculated Fields Form plugin <= 5.4.4.1 - Broken Access Control vulnerability | CWE-862 | 6.5 | Medium | 2026-02-19 |
| CVE-2025-49291 | WordPress Calculated Fields Form plugin <= 5.3.58 - Cross Site Request Forgery (CSRF) Vulnerability | CWE-352 | 4.3 | Medium | 2025-06-06 |
| CVE-2024-13382 | Calculated Fields Form < 5.2.64 - Admin+ Stored XSS | | 4.8 (AI) | Medium (AI) | 2025-05-15 |
| CVE-2024-13381 | Calculated Fields Form < 5.2.62 - Admin+ Stored XSS | | 4.8 (AI) | Medium (AI) | 2025-05-01 |
| CVE-2024-12273 | Calculated Fields Form < 5.2.62 - Admin+ Stored XSS | | 4.8 (AI) | Medium (AI) | 2025-04-29 |
| CVE-2024-12601 | Calculated Fields Form <= 5.2.63 - Denial of Service | CWE-400 | 5.3 | Medium | 2024-12-17 |
| CVE-2024-9940 | Calculated Fields Form <= 5.2.45 - HTML Injection | CWE-75 | 5.3 | Medium | 2024-10-17 |
| CVE-2023-26523 | WordPress Calculated Fields Form plugin <= 1.1.120 - Missing Authorization Leading To Feedback Submission Vulnerability | CWE-862 | 4.3 | Medium | 2024-06-03 |
| CVE-2024-29759 | WordPress Calculated Fields Form plugin <= 1.2.54 - Reflected Cross Site Scripting (XSS) vulnerability | CWE-79 | 7.1 | High | 2024-03-27 |
| CVE-2024-2020 | Calculated Fields Form Professional <= 5.1.56 - Unauthenticated Stored Cross-Site Scripting | CWE-79 | 7.2 | High | 2024-03-13 |
| CVE-2024-0963 | Calculated Fields Form <= 1.2.52 - Authenticated (Contributor+) Stored Cross-Site Scripting | CWE-79 | 6.4 | Medium | 2024-02-02 |
| CVE-2023-0389 | Calculated Fields Form < 1.1.151 - Admin+ Stored Cross-Site Scripting via Dropdown Fields | | 4.8 (AI) | Medium (AI) | 2024-01-16 |
| CVE-2023-6446 | Calculated Fields Form <= 1.2.40 - Authenticated (Admin+) Stored Cross-Site Scripting | CWE-87 | 4.4 | Medium | 2024-01-11 |
| CVE-2023-51517 | WordPress Calculated Fields Form Plugin <= 1.2.28 is vulnerable to Open Redirection | CWE-601 | 4.1 | Medium | 2023-12-29 |

All 15 known CVE vulnerabilities affecting Calculated Fields Form with full Chinese analysis, references, and POCs where available.