PT-2024-17672 · WordPress · Calculated Fields Form

B0Lli · Published 2024-12-17 · Updated 2024-12-17 · CVE-2024-12601

CVSS v3.1: 5.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Name of the Vulnerable Software and Affected Versions: Calculated Fields Form plugin for WordPress, versions up to and including 5.2.63

Description: The plugin does not limit the height and width parameters accepted when it generates CAPTCHA images. An unauthenticated attacker can send many requests with large values for these parameters, each of which forces the server to generate an oversized image; on a server with no other Denial of Service mitigation this consumes server resources and degrades availability.

Recommendations: For versions up to and including 5.2.63, update to a version higher than 5.2.63. As a temporary workaround, restrict access to the CAPTCHA image generation functionality to reduce exposure, and bound the height and width parameters of CAPTCHA images so that requests with large values are rejected rather than rendered.
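As an added illustration of the second recommendation (bounding the height and width parameters before an image is rendered), the following PHP is example code written for this entry and is not the Calculated Fields Form plugin's own code; the parameter names (`width`, `height`), the size limits, the constants and the function names are assumptions chosen for the example.

```php
<?php
// Added example (not the Calculated Fields Form plugin's own code): bounding the
// CAPTCHA image dimensions taken from request parameters before rendering.
// Parameter names ('width', 'height') and the limits below are assumptions.

const CAPTCHA_MIN_DIM        = 20;
const CAPTCHA_MAX_WIDTH      = 400;
const CAPTCHA_MAX_HEIGHT     = 120;
const CAPTCHA_DEFAULT_WIDTH  = 120;
const CAPTCHA_DEFAULT_HEIGHT = 40;

/**
 * Return a dimension that is guaranteed to lie within [$min, $max].
 * Missing, non-numeric, negative or out-of-range input falls back to the
 * default instead of reaching the image library, so a single request can
 * never force an oversized allocation.
 */
function bounded_dimension($raw, int $default, int $min, int $max): int {
    if (!is_scalar($raw) || !ctype_digit((string) $raw)) {
        return $default;   // null, non-numeric or negative input: use the default
    }
    $value = (int) $raw;
    if ($value < $min || $value > $max) {
        return $default;   // refuse absurd sizes rather than honoring them
    }
    return $value;
}

/**
 * Vulnerable pattern, shown for contrast only: the allocation size is taken
 * straight from the query string, so the caller controls how much work and
 * memory each request costs.
 */
function render_captcha_unbounded(array $query) {
    $w = (int) ($query['width']  ?? CAPTCHA_DEFAULT_WIDTH);
    $h = (int) ($query['height'] ?? CAPTCHA_DEFAULT_HEIGHT);
    return imagecreatetruecolor($w, $h);
}

/** Hardened pattern: every dimension passes through bounded_dimension() first. */
function render_captcha_bounded(array $query, string $text) {
    $w = bounded_dimension($query['width']  ?? null, CAPTCHA_DEFAULT_WIDTH,  CAPTCHA_MIN_DIM, CAPTCHA_MAX_WIDTH);
    $h = bounded_dimension($query['height'] ?? null, CAPTCHA_DEFAULT_HEIGHT, CAPTCHA_MIN_DIM, CAPTCHA_MAX_HEIGHT);

    $img = imagecreatetruecolor($w, $h);
    $bg  = imagecolorallocate($img, 255, 255, 255);
    $fg  = imagecolorallocate($img, 0, 0, 0);
    imagefilledrectangle($img, 0, 0, $w - 1, $h - 1, $bg);
    imagestring($img, 5, 10, (int) ($h / 2) - 8, $text, $fg);
    return $img;
}

// Constructed sample requests (not captured traffic) showing what reaches the renderer.
$samples = [
    ['width' => '120',    'height' => '40'],     // normal: honored as-is
    ['width' => '100000', 'height' => '100000'], // oversized: falls back to defaults
    ['width' => '-5',     'height' => 'abc'],    // garbage: falls back to defaults
];
foreach ($samples as $q) {
    $w = bounded_dimension($q['width'],  CAPTCHA_DEFAULT_WIDTH,  CAPTCHA_MIN_DIM, CAPTCHA_MAX_WIDTH);
    $h = bounded_dimension($q['height'], CAPTCHA_DEFAULT_HEIGHT, CAPTCHA_MIN_DIM, CAPTCHA_MAX_HEIGHT);
    printf("request %s x %s -> rendered %d x %d\n", $q['width'], $q['height'], $w, $h);
}
```

Rejecting out-of-range values (rather than silently clamping them) keeps the cost of every request bounded by the fixed maximum and makes anomalous requests visible in logs; the first recommendation, restricting who can reach the generation endpoint at all, remains a separate control applied in front of this one.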

Fix: available

Tags: DoS, Resource Exhaustion

Weakness Enumeration:

Related Identifiers: CVE-2024-12601

Affected Products: Calculated Fields Form