Ghostwire
Home / Vulnerabilities / CVE-2022-50959

CVE-2022-50959: WordPress Contact Form Builder 1.6.1 contains a reflected cross-site scripting vulnerability that allows unauthenticated...

MEDIUM CVSS 6.1 Exploit Available

Published: May 10, 2026 | Last Modified: May 10, 2026

Description

WordPress Contact Form Builder 1.6.1 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by exploiting the form_id parameter. Attackers can craft malicious URLs to code_generator.php with script payloads in the form_id parameter to execute arbitrary JavaScript in victim browsers.

Ghostwire Analysis — What This Means Practically

This analysis is generated by Ghostwire from NVD, CISA KEV, EPSS, and open-source intelligence data. Verify findings through primary sources before acting.

Security Coverage (1 articles)

CVE Feed
CVE-2022-50959 - WordPress Contact Form Builder 1.6.1 Cross-Site Scripting via code_generator.php

References