Vulnerability Description
The Calculated Fields Form plugin through 1.0.353 for WordPress suffers from multiple Stored XSS vulnerabilities present in the input forms. These can be exploited by an authenticated user.
CVSS Score
5.4
MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Codepeople | Calculated Fields Form | <= 1.0.353 |
Related Weaknesses (CWE)
References
- https://spider-security.co.uk/blog-cve-2020-7228Third Party Advisory
- https://wordpress.org/plugins/calculated-fields-form/#developersThird Party Advisory
- https://wpvulndb.com/vulnerabilities/10043Third Party Advisory
- https://spider-security.co.uk/blog-cve-2020-7228Third Party Advisory
- https://wordpress.org/plugins/calculated-fields-form/#developersThird Party Advisory
- https://wpvulndb.com/vulnerabilities/10043Third Party Advisory
FAQ
What is CVE-2020-7228?
CVE-2020-7228 is a vulnerability with a CVSS score of 5.4 (MEDIUM). The Calculated Fields Form plugin through 1.0.353 for WordPress suffers from multiple Stored XSS vulnerabilities present in the input forms. These can be exploited by an authenticated user.
How severe is CVE-2020-7228?
CVE-2020-7228 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-7228?
Check the references section above for vendor advisories and patch information. Affected products include: Codepeople Calculated Fields Form.