2 matches found
Caldera Forms < 1.9.7 - Reflected Cross-Site Scripting
Caldera Forms WordPress plugin 1.9.7 contains a reflected cross-site scripting caused by lack of validation and escaping of the cf-api parameter in responses, letting attackers execute arbitrary scripts in victim's browser, exploit requires attacker to craft a malicious request. id: CVE-2022-0879...
CVE-2022-0879
The CVE-2022-0879 entry concerns the Caldera Forms WordPress plugin prior to version 1.9.7. The vulnerability is a Reflected Cross-Site Scripting (XSS) caused by the plugin not validating and escaping the cf-api parameter before echoing it in responses. Affected component: cf-api handling in Cald...