The Caldera Forms Google Sheets Connector WordPress plugin before 1.3 does not have CSRF check when updating its Access Code, which could allow attackers to make logged in admin change the access code to an arbitrary one via a CSRF...
8.8CVSS
8.9AI Score
0.001EPSS
MITRE CALDERA before 4.1.0 allows XSS in the Operations tab and/or Debrief plugin via a crafted operation name, a different vulnerability than...
6.1CVSS
5.8AI Score
0.001EPSS
MITRE CALDERA before 4.1.0 allows XSS in the Operations tab and/or Debrief plugin via a crafted operation name, a different vulnerability than...
6.1CVSS
5.8AI Score
0.001EPSS
MITRE CALDERA 4.1.0 allows stored XSS via app.contact.gist (aka the gist contact configuration field), leading to execution of arbitrary commands on...
5.4CVSS
5.5AI Score
0.001EPSS
The Caldera Forms WordPress plugin before 1.9.7 does not validate and escape the cf-api parameter before outputting it back in the response, leading to a Reflected Cross-Site...
6.1CVSS
6AI Score
0.001EPSS
An issue was discovered in CALDERA 2.8.1. It contains multiple startup "requirements" that execute commands when starting the server. Because these commands can be changed via the REST API, an authenticated user can insert arbitrary commands that will execute when the server is...
8.8CVSS
8.8AI Score
0.001EPSS
An issue was discovered in CALDERA 2.8.1. It contains multiple reflected, stored, and self XSS vulnerabilities that may be exploited by authenticated and unauthenticated...
6.1CVSS
6.1AI Score
0.001EPSS
An issue was discovered in CALDERA 2.8.1. It does not properly segregate user privileges, resulting in non-admin users having access to read and modify configuration or other components that should only be accessible by admin...
8.1CVSS
7.8AI Score
0.001EPSS
An issue was discovered in CALDERA 2.9.0. The Debrief plugin receives base64 encoded "SVG" parameters when generating a PDF document. These SVG documents are parsed in an unsafe manner and can be leveraged for XXE attacks (e.g., File Exfiltration, Server Side Request Forgery, Out of Band...
8.8CVSS
8.6AI Score
0.001EPSS
An issue was discovered in CALDERA 2.8.1. When activated, the Human plugin passes the unsanitized name parameter to a python "os.system" function. This allows attackers to use shell metacharacters (e.g., backticks "``" or dollar parenthesis "$()" ) in order to escape the current command and...
8.8CVSS
8.9AI Score
0.001EPSS
The Caldera Forms WordPress plugin before 1.9.5 does not sanitise and escape the Form Name before outputting it in attributes, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is...
4.8CVSS
4.7AI Score
0.001EPSS
A command injection vulnerability in the sandcat plugin of Caldera 2.3.1 and earlier allows authenticated attackers to execute any command or...
8.8CVSS
8.8AI Score
0.006EPSS
5.4CVSS
5.2AI Score
0.001EPSS
auth_svc in Caldera before 2.6.5 allows authentication bypass (for REST API requests) via a forged "localhost" string in the HTTP Host...
5.3CVSS
5.4AI Score
0.002EPSS
Multiple cross-site scripting (XSS) vulnerabilities in the Caldera Forms plugin before 1.6.0-rc.1 for WordPress allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) a greeting message, (2) the email transaction log, or (3) an imported...
4.8CVSS
5.1AI Score
0.001EPSS
Multiple SQL injection vulnerabilities in Caldera 9.20 allow remote attackers to execute arbitrary SQL commands via the tr parameter to (1) costview2/jobs.php or (2)...
8.8AI Score
0.001EPSS
Directory traversal vulnerability in dirmng/index.php in Caldera 9.20 allows remote attackers to access arbitrary directories via a crafted...
6.9AI Score
0.006EPSS
costview3/xmlrpc_server/xmlrpc.php in CostView in Caldera 9.20 allows remote attackers to execute arbitrary commands via shell metacharacters in a methodCall element in a PHP XMLRPC...
7.9AI Score
0.003EPSS
The directory manager in Caldera 9.20 allows remote attackers to conduct variable-injection attacks in the global scope via (1) the maindir_hotfolder parameter to dirmng/index.php, or an unspecified parameter to (2) PPD/index.php, (3) dirmng/docmd.php, or (4)...
6.9AI Score
0.003EPSS