Update March 13, 2019: Sucuri has published details of this vulnerability.
This update includes an important SECURITY fix that affects some Pro customers. If you do not have Caldera Forms Pro API keys activated, this issue does not affect you. Please contact support if you are a paying customer and have questions.
Details About Security Issue
Are You At Risk?
This is only an issue if you have Caldera Forms connected to the Caldera Forms Pro API.
What Can You Do?
- Conditionals were missing when variable pricing form template was used.
- Prevent form from attempting to render if it doesn’t exist, before that triggers a PHP notice.
- Consent field, with some settings, created a PHP notice.
- Datepicker did not look functional on some devices.
- Rangeslider fields, when used in calculations, caused UI lags.