What is CVE-2024-12601?

CVE-2024-12601 is a medium-severity vulnerability in Codepeople Calculated Fields Form, classified under Uncontrolled Resource Consumption. CVSS score: 5.3/10. Published 2024-12-17.

How severe is CVE-2024-12601?

Medium severity. CVSS v3 base score is 5.3 out of 10.

Is CVE-2024-12601 known to be exploited?

3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Resource exhaustion in Codepeople Calculated Fields Form

CVE-2024-12601

The Calculated Fields Form plugin for WordPress is vulnerable to Denial of Service in all versions up to, and including, 5.2.63. This is due to unlimited height and width parameters for CAPTCHA images. This makes it possible for unauthenti…

Vulnerability class: DoS (Denial of Service)

EPSS: 0.005 (67.1th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 5.3 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L.

Affected products

Codepeople Calculated Fields Form — versions 0

Weakness classification (CWE)

CWE-400 — Uncontrolled Resource Consumption

Public proof-of-concept exploits

References

Frequently asked questions

What is CVE-2024-12601?: CVE-2024-12601 is a medium-severity vulnerability in Codepeople Calculated Fields Form, classified under Uncontrolled Resource Consumption. CVSS score: 5.3/10. Published 2024-12-17.
How severe is CVE-2024-12601?: Medium severity. CVSS v3 base score is 5.3 out of 10.
Is CVE-2024-12601 known to be exploited?: 3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.