PT-2026-39484 · WordPress · Contact Form Builder

Milad Karimi · Published 2026-05-10 · Updated 2026-05-10 · CVE-2022-50959

CVSS v3.1: 6.1 Medium

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions: WordPress Contact Form Builder version 1.6.1

Description: A reflected cross-site scripting issue allows unauthenticated attackers to inject malicious scripts. The attacker crafts a URL to the 'code generator.php' endpoint that carries the script in the form id parameter; when a victim opens the URL, arbitrary JavaScript executes in the victim's browser.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

XSS

Weakness Enumeration

Related Identifiers: CVE-2022-50959

Affected Products: Contact Form Builder