Calculated Fields Form

Vulnerabilities 19Slug calculated-fields-formLatest version 5.4.7.3WordPress.org →

Minimum safe version

5.4.5.1

Update to 5.4.5.1 or later to address 19 fixable vulnerabilities

Latest available5.4.7.3 ✓

N/A

2026-03-12< 5.4.5.1

Calculated Fields Form <= 5.4.5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Form Settings

Wordfence CVE

Medium 6.5

2026-02-19< 5.4.4.2

CVE-2026-25368

CVE Wordfence

High 8.8

2025-06-06< 5.3.59

CVE-2025-49291

CVE EUVD Wordfence

Medium 4.8

2025-05-15< 5.2.64

CVE-2024-13382

CVE EUVD Wordfence

Medium 4.8

2025-05-01< 5.2.62

CVE-2024-13381

CVE EUVD Wordfence

Low 3.5

2025-04-29< 5.2.62

CVE-2024-12273

CVE Wordfence

Medium 5.3

2024-12-17< 5.2.64

CVE-2024-12601

CVE Patchstack Wordfence

Medium 4.3

2024-10-17< 5.2.46

CVE-2024-9940

CVE Wordfence Patchstack

High 7.1

2024-03-27< 1.2.55

CVE-2024-29759

CVE Wordfence Patchstack WPScan

Medium 6.1

2024-03-13< 5.1.57

CVE-2024-2020

CVE Wordfence Patchstack WPScan

Medium 5.4

2024-02-02< 1.2.53

CVE-2024-0963

CVE Wordfence Patchstack WPScan

Medium 4.1

2024-12-27< 1.2.29

WordPress Calculated Fields Form Plugin <= 1.2.28 is vulnerable to Open Redirection

Patchstack CVE Wordfence WPScan

Medium 4.8

2024-01-11< 1.2.41

CVE-2023-6446

CVE Patchstack Wordfence WPScan

Medium 4.3

2024-06-03< 1.1.121

CVE-2023-26523

CVE Wordfence Wordfence Patchstack

Medium 4.8

2024-01-16< 1.1.151

CVE-2023-0389

CVE Wordfence WPScan

N/A

2015-03-02< 1.0.12

Calculated Fields Form <= 1.0.11 - Cross-Site Request Forgery to SQL Injection

Wordfence

N/A

< 1.0.12

Calculated Fields Form <= 1.0.10 - SQL Injection via CSRF

WPScan

N/A

2015-03-02< 1.0.11

WordPress Calculated Fields Form Plugin <= 1.0.10 - Remote SQL Injection

Patchstack

Medium 5.4

2020-01-22< 1.0.354

CVE-2020-7228

CVE Patchstack Wordfence WPScan