What is the severity of CVE-2023-26523?

CVE-2023-26523 is a high-severity vulnerability due to its missing authorization that allows functionality misuse in the CodePeople Calculated Fields Form.

How do I fix CVE-2023-26523?

To fix CVE-2023-26523, update the CodePeople Calculated Fields Form plugin to the latest version beyond 1.1.120, ensuring that proper authorization measures are in place.

What specific software versions are affected by CVE-2023-26523?

CVE-2023-26523 affects both CodePeople Calculated Fields Form and WordPress Calculated Fields Form versions up to and including 1.1.120.

What type of attacks can CVE-2023-26523 lead to?

CVE-2023-26523 can lead to functionality misuse, which may allow unauthorized feedback submissions on affected forms.

Is there a workaround for CVE-2023-26523 if I can't update immediately?

A temporary workaround for CVE-2023-26523 involves disabling the affected plugin until an update can be applied to mitigate the risks.

Vulnerability/
CVE-2023-26523

medium

4.3

CWE

862

3/6/2024

10/3/2025

CVE-2023-26523: WordPress Calculated Fields Form plugin <= 1.1.120 - Missing Authorization Leading To Feedback Submission Vulnerability

First published: Mon Jun 03 2024(Updated: )

Missing Authorization vulnerability in CodePeople Calculated Fields Form allows Functionality Misuse.This issue affects Calculated Fields Form: from n/a through 1.1.120.

Credit: audit@patchstack.com

Affected Software	Affected Version	How to fix
CodePeople Calculated Fields Form	<1.1.121
CodePeople Calculated Fields Form	<=1.1.120
CodePeople Calculated Fields Form	<=1.1.120

Remedy

Update to 1.1.121 or a higher version.

Never miss a vulnerability like this again

Reference Links

https://patchstack.com/database/vulnerability/calculated-fields-form/wordpress-calculated-fields-form-plugin-1-1-120-missing-authorization-leading-to-feedback-submission-vulnerability?_s_id=cve

Frequently Asked Questions

What is the severity of CVE-2023-26523?
CVE-2023-26523 is a high-severity vulnerability due to its missing authorization that allows functionality misuse in the CodePeople Calculated Fields Form.
How do I fix CVE-2023-26523?
To fix CVE-2023-26523, update the CodePeople Calculated Fields Form plugin to the latest version beyond 1.1.120, ensuring that proper authorization measures are in place.
What specific software versions are affected by CVE-2023-26523?
CVE-2023-26523 affects both CodePeople Calculated Fields Form and WordPress Calculated Fields Form versions up to and including 1.1.120.
What type of attacks can CVE-2023-26523 lead to?
CVE-2023-26523 can lead to functionality misuse, which may allow unauthorized feedback submissions on affected forms.
Is there a workaround for CVE-2023-26523 if I can't update immediately?
A temporary workaround for CVE-2023-26523 involves disabling the affected plugin until an update can be applied to mitigate the risks.

agent/title
agent/remedy
agent/weakness
agent/references
agent/description
agent/type
agent/first-publish-date
agent/severity
agent/author
collector/mitre-cve
source/MITRE
agent/source
collector/nvd-api
source/NVD
agent/software-canonical-lookup
agent/last-modified-date
agent/event
agent/softwarecombine
agent/tags
agent/guess-ai
agent/software-canonical-lookup-request
vendor/codepeople
canonical/codepeople calculated fields form
vendor/wordpress

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.