CVE-2022-0879: 
WordPress vulnerability analysis and mitigation

The vulnerability identified as CVE-2022-0879 affects the Caldera Forms WordPress plugin versions before 1.9.7. The issue was discovered and publicly disclosed on March 28, 2022. This security flaw involves a Reflected Cross-Site Scripting (XSS) vulnerability in the plugin's handling of the cf-api parameter (WPScan, NVD).

The vulnerability stems from improper validation and escaping of the cf-api parameter before it is output back in the response. The issue has been assigned a CVSS score of 4.7 (medium severity) and is classified under CWE-79. The vulnerability is specifically categorized as an A7: Cross-Site Scripting (XSS) issue according to the OWASP Top 10 (WPScan).

The vulnerability can be exploited to execute cross-site scripting attacks, but only under specific conditions when there are no forms created yet in the Caldera Forms installation. This limitation somewhat reduces the potential impact of the vulnerability (WPScan).

The vulnerability has been fixed in Caldera Forms version 1.9.7. Users are advised to update their installations to this version or later to mitigate the security risk (WPScan).