CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

5 matches found

Caldera Forms < 1.9.7 - Reflected Cross-Site Scripting

Caldera Forms WordPress plugin 1.9.7 contains a reflected cross-site scripting caused by lack of validation and escaping of the cf-api parameter in responses, letting attackers execute arbitrary scripts in victim's browser, exploit requires attacker to craft a malicious request. id: CVE-2022-0879...

6.1CVSS6.4AI score0.00453EPSS

Exploits2References3

RedhatCVE•added 2026/01/09 10:45 a.m.•2 views

CVE-2022-0879

The Caldera Forms WordPress plugin before 1.9.7 does not validate and escape the cf-api parameter before outputting it back in the response, leading to a Reflected Cross-Site Scripting...

6.1CVSS6.7AI score0.00453EPSS

Exploits2References1

EUVD•added 2025/10/03 8:7 p.m.•1 views

EUVD-2022-15916

Malicious code in bioql PyPI...

6.1CVSS6.3AI score0.00453EPSS

Exploits2References1

ATTACKERKB•added 2022/04/18 6:15 p.m.•2 views

CVE-2022-0879

The Caldera Forms WordPress plugin before 1.9.7 does not validate and escape the cf-api parameter before outputting it back in the response, leading to a Reflected Cross-Site Scripting...

6.1CVSS6.3AI score0.00453EPSS

Exploits2References2

OSV•added 2022/04/18 6:15 p.m.•2 views

CVE-2022-0879

The Caldera Forms WordPress plugin before 1.9.7 does not validate and escape the cf-api parameter before outputting it back in the response, leading to a Reflected Cross-Site Scripting...

6.1CVSS6.4AI score0.00453EPSS

Exploits2References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by