CVE-2024-0963 Report - Details, Severity, & Advisories

Twingate Team

May 13, 2024

CVE-2024-0963 is a medium-severity vulnerability found in the Calculated Fields Form plugin for WordPress, affecting versions up to and including 1.2.52. This vulnerability allows authenticated attackers with contributor-level permissions or higher to inject arbitrary web scripts into pages, which will execute whenever a user accesses an injected page. The issue is caused by insufficient input sanitization and output escaping on the user-supplied 'location' attribute. Systems running the affected plugin versions are at risk.

How do I know if I'm affected?

If you're using the Calculated Fields Form plugin for WordPress, you might be affected by the CVE-2024-0963 vulnerability. This issue impacts all versions up to and including 1.2.52. To check if you're affected, simply verify the version of the plugin you have installed. If it's 1.2.52 or earlier, your system could be at risk. Keep in mind that this vulnerability allows attackers with contributor-level permissions or higher to inject harmful web scripts into pages, which can execute when a user visits the affected page.
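The version check described above can be scripted. The following is an added example, not code from the original page or from the plugin: it reads the `Version:` line of a WordPress plugin header and compares it component by component against the 1.2.52 boundary given in this advisory. The header text is a constructed sample and the function names are hypothetical.

```python
import re

# Boundary taken from the advisory text: 1.2.52 and earlier are affected.
LAST_AFFECTED = "1.2.52"

# Constructed sample of a plugin header comment (not the plugin's real file).
SAMPLE_HEADER = """<?php
/*
Plugin Name: Calculated Fields Form
Version: 1.2.6
*/
"""


def parse_version(text):
    """Turn '1.2.52' into (1, 2, 52) so components compare as numbers."""
    text = text.strip()
    if not re.fullmatch(r"[0-9]+(?:\.[0-9]+)*", text):
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(part) for part in text.split("."))


def header_version(header_text):
    """Extract the value of the 'Version:' line from a plugin header."""
    match = re.search(r"^[ \t*#@]*Version:[ \t]*(\S+)", header_text,
                      re.MULTILINE | re.IGNORECASE)
    if match is None:
        raise ValueError("no Version: line found in header")
    return match.group(1)


def is_affected(version):
    """True when version is at or below the last affected release."""
    installed = parse_version(version)
    boundary = parse_version(LAST_AFFECTED)
    # Pad the shorter tuple with zeros so '1.2' is treated as '1.2.0'.
    width = max(len(installed), len(boundary))
    installed += (0,) * (width - len(installed))
    boundary += (0,) * (width - len(boundary))
    return installed <= boundary


if __name__ == "__main__":
    found = header_version(SAMPLE_HEADER)
    print(found, "affected" if is_affected(found) else "not affected")
```

Comparing the versions as plain strings would report 1.2.6 as newer than 1.2.52 and miss an affected install, which is why the components are compared as integers.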

What should I do if I'm affected?

If you're affected by this vulnerability, it's crucial to take action to protect your WordPress site. To resolve this issue, update the Calculated Fields Form plugin to version 1.2.53 or a newer patched version. This will help safeguard your site from potential security risks associated with this vulnerability.

Is CVE-2024-0963 in CISA’s Known Exploited Vulnerabilities Catalog?

The CVE-2024-0963 vulnerability is not listed in CISA's Known Exploited Vulnerabilities Catalog. This vulnerability, known as Stored Cross-Site Scripting in the Calculated Fields Form plugin for WordPress, was added to the National Vulnerability Database on 02/02/2024. There is no specific due date provided, but the recommended action is to apply a patch to fix the issue. In simpler terms, this security issue allows someone with certain access levels to insert harmful scripts into web pages, which can run when users visit those pages. Updating the plugin to version 1.2.53 or a newer patched version can help resolve this problem.

Weakness enumeration

The Weakness Enumeration for CVE-2024-0963 is identified as CWE-79, which refers to improper neutralization of input during web page generation, also known as Cross-site Scripting.

For more details

CVE-2024-0963 is a medium-severity vulnerability in the Calculated Fields Form plugin for WordPress, affecting versions up to 1.2.52. For a comprehensive understanding of this vulnerability, including its description, severity, technical details, and known affected software configurations, refer to the NVD page or the resources listed below.
