Contact Forms Builder

Source repositories

CVE	Sev	Risk	CVSS	EPSS	KEV	Published	Description
CVE-2022-50959	Med	0.40	6.1	0.00		May 10, 2026	WordPress Contact Form Builder 1.6.1 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by exploiting the form_id parameter. Attackers can craft malicious URLs to code_generator.php with script payloads in the form_id parameter to execute arbitrary JavaScript in victim browsers.

CVE-2022-50959MedMay 10, 2026
risk 0.40cvss 6.1epss 0.00
WordPress Contact Form Builder 1.6.1 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by exploiting the form_id parameter. Attackers can craft malicious URLs to code_generator.php with script payloads in the form_id parameter to execute arbitrary JavaScript in victim browsers.