Unrated severity · NVD Advisory · Published Jan 16, 2024 · Updated Jun 20, 2025
Superforms < 6.0.4 - Reflected Cross-Site Scripting
CVE-2022-0402
Description
The Super Forms - Drag & Drop Form Builder WordPress plugin before 6.0.4 does not escape the bob_czy_panstwa_sprawa_zostala_rozwiazana parameter before outputting it back in an attribute via the super_language_switcher AJAX action, leading to reflected Cross-Site Scripting. The action also lacks CSRF protection, making the attack easier to perform against any user.
Affected products
- WordPress/Super Forms - Drag & Drop Form Builder
- Range: < 6.0.4
References
- wpscan.com/vulnerability/2e2e2478-2488-4c91-8af8-69b07783854f/ (mitre, exploit, vdb-entry, technical-description)
- github.com/RensTillmann/super-forms/commit/c19d65abbe43d9b6359c1bf3498dc697d0c19d02 (mitre)