cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2022-0879,https://securityvulnerability.io/vulnerability/CVE-2022-0879,Caldera Forms < 1.9.7 - Reflected Cross-Site Scripting,"The Caldera Forms WordPress plugin before 1.9.7 does not validate and escape the cf-api parameter before outputting it back in the response, leading to a Reflected Cross-Site Scripting",Wordpress,Caldera Forms – More Than Contact Forms,6.1,MEDIUM,0.0007999999797903001,false,,false,false,false,,false,false,2022-04-18T17:10:39.000Z,0
CVE-2021-24896,https://securityvulnerability.io/vulnerability/CVE-2021-24896,Caldera forms < 1.9.5 - Admin+ Stored Cross-Site Scripting,"The Caldera Forms WordPress plugin before 1.9.5 does not sanitise and escape the Form Name before outputting it in attributes, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.",Wordpress,Caldera Forms – More Than Contact Forms,4.8,MEDIUM,0.000539999979082495,false,,false,false,false,,false,false,2021-12-13T10:41:18.000Z,0