2 matches found
CVE-2022-0879
The CVE-2022-0879 entry concerns the Caldera Forms WordPress plugin prior to version 1.9.7. The vulnerability is a Reflected Cross-Site Scripting (XSS) caused by the plugin not validating and escaping the cf-api parameter before echoing it in responses. Affected component: cf-api handling in Cald...
CVE-2021-24896
The CVE-2021-24896 entry concerns the WordPress Caldera Forms plugin prior to 1.9.5. The vulnerability arises because the plugin fails to sanitise and escape the Form Name before outputting it in HTML attributes, enabling Cross-Site Scripting (XSS) by high-privilege users even when unfiltered_htm...