Vulnerability Details CVE-2022-2187
The Contact Form 7 Captcha WordPress plugin before 0.1.2 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers
Exploit prediction scoring system (EPSS) score
EPSS Score 0.078
EPSS Ranking 91.6%
CVSS Severity
CVSS v3 Score 6.1
CVSS v2 Score 4.3
References
Products affected by CVE-2022-2187
-
cpe:2.3:a:contact_form_7_captcha_project:contact_form_7_captcha:-
-
cpe:2.3:a:contact_form_7_captcha_project:contact_form_7_captcha:0.0.9