WordPress Plugin Vulnerabilities

Calculated Fields Form < 1.0.12 - SQL Injection via CSRF

Description

The Calculated Fields Form WordPress plugin was affected by a SQL Injection via CSRF security vulnerability.

Affects Plugins

Plugin icon
calculated-fields-form
Fixed in 1.0.12

References

Exploitdb
36230
URL
https://packetstormsecurity.com/files/#130603/

Classification

Type
SQLI
OWASP top 10
A1: Injection
CWE
CWE-89

Miscellaneous

Submitter
ethicalhack3r
Submitter twitter
ethicalhack3r
Verified
No
WPVDB ID
594644fe-b2df-4137-a4b3-aeef6e7740c8

Timeline

Publicly Published
2015-03-02 (about 11 years ago)
Added
2015-03-02 (about 11 years ago)
Last Updated
2019-10-21 (about 6 years ago)

Other

Published
Title
Published
2015-03-13
Title
WooCommerce 2.3 - 2.3.5 - SQL Injection
Published
2015-07-16
Title
NEX-Forms < 4.6.1 - Unauthenticated Blind SQL Injection
Published
2025-03-02
Title
Pods < 3.2.8.2 - Admin+ SQL Injection
Published
2018-05-27
Title
Membermouse < 2.2.9 - Blind SQL Injection
Published
2026-02-17
Title
Wolmart Core < 1.9.7 - Unauthenticated SQL Injection