CVE-2024-9940

Name of the Vulnerable Software and Affected Versions Calculated Fields Form plugin for WordPress versions up to, and including, 5.2.45

Description The issue is due to the plugin not properly neutralizing HTML elements from submitted forms, making it possible for unauthenticated attackers to inject arbitrary HTML that will render when the administrator views form submissions in their email.

Recommendations For versions up to, and including, 5.2.45, update to a version later than 5.2.45 to resolve the issue. As a temporary workaround, consider restricting access to form submissions to minimize the risk of exploitation.