CVE-2025-49291

CWE-352 — Cross-Site Request Forgery (CSRF)3 documents3 sources

Severity

8.8HIGH

EPSS

0.1%

top 73.86%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Codepeople Calculated Fields Form

Timeline

PublishedJun 6

Description

Cross-Site Request Forgery (CSRF) vulnerability in codepeople Calculated Fields Form calculated-fields-form allows Cross Site Request Forgery.This issue affects Calculated Fields Form: from n/a through <= 5.3.58.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

▶NVDcodepeople/calculated_fields_form< 5.3.59

▶CVEListV5codepeople/calculated_fields_form5.3.58

🔴Vulnerability Details

CVEList

WordPress Calculated Fields Form plugin <= 5.3.58 - Cross Site Request Forgery (CSRF) Vulnerability↗2025-06-06

▶

GHSA

GHSA-3x47-pxw6-fmvq: Cross-Site Request Forgery (CSRF) vulnerability in codepeople Calculated Fields Form allows Cross Site Request Forgery↗2025-06-06

▶