A vulnerability was found in codepeople Calculated Fields Form Plugin up to 5.4.5.0 on WordPress. It has been rated as problematic. Affected is an unknown function of the component Setting Handler. This manipulation causes cross site scripting.
This vulnerability appears as CVE-2026-3986. The attack may be initiated remotely. There is no available exploit.
