What the vulnerability does
01Description
The Contact Form DB WordPress plugin before 1.8.0 does not sanitise and escape some parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting
CVE-2022-2116
CVE-2022-2116: Elementor Contact Form DB < 1.8.0 - Reflected Cross-Site Scripting
CVSS base score
—
Key dates
02Disclosure timeline
August 15, 2022
CVE published
August 3, 2024
Record updated
External resources
03References
Related vulnerabilities
04Related CVE
CVE-2025-10945 nuz007 smsboom d.php cross site scripting
CVE-2024-41174 Beckhoff: Improper input neutralization vulnerability in the IPC-Diagnostics package in TwinCAT/BSD
CVE-2019-12702 Cisco SPA100 Series Analog Telephone Adapters Reflected Cross-Site Scripting Vulnerability
CVE-2023-6830 Formidable Forms <= 6.7 - HTML Injection
CVE-2026-32635 Angular has XSS in i18n attribute bindings
