CVE-2022-0879

CVE-2022-0879: Caldera Forms < 1.9.7 - Reflected Cross-Site Scripting

Vendor Unknown

Product Caldera Forms – More Than Contact Forms

Weakness CWE-79 · XSS

Published April 18, 2022

Last update August 2, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

The Caldera Forms WordPress plugin before 1.9.7 does not validate and escape the cf-api parameter before outputting it back in the response, leading to a Reflected Cross-Site Scripting

Key dates

02Disclosure timeline

April 18, 2022 CVE published

August 2, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-0879 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

04Related CVE

CVE-2025-9137 Scada-LTS scheduled_events.shtm cross site scripting CVE-2025-50040 WordPress CF7 Spreadsheets Plugin <= 2.3.2 - Cross Site Scripting (XSS) Vulnerability CVE-2024-0226 Stored Cross-Site Scripting in Synopsys Seeker CVE-2025-57998 WordPress E-namad & Shamed Logo Manager Plugin <= 2.2 - Cross Site Scripting (XSS) Vulnerability CVE-2019-1661 Cisco TelePresence Management Suite Cross-Site Scripting Vulnerability