CVE-2022-2116: 
WordPress vulnerability analysis and mitigation

The Contact Form DB WordPress plugin (versions before 1.8.0) contains a Reflected Cross-Site Scripting (XSS) vulnerability identified as CVE-2022-2116. The vulnerability was discovered by ZhongFu Su(JrXnm) of WuHan University and was publicly disclosed on July 19, 2022. The issue affects the sb-elementor-contact-form-db plugin, which fails to properly sanitize and escape certain parameters before outputting them back in attributes (WPScan).

The vulnerability has been assigned a CVSS score of 6.1 (medium severity) and is classified as a Cross-Site Scripting (XSS) vulnerability under CWE-79. The issue occurs when the plugin fails to sanitize and escape parameters before returning them in attributes. The vulnerability can be exploited when there is at least one submission, through specific URL parameters in the admin dashboard (WPScan).

When exploited, this Reflected Cross-Site Scripting vulnerability could allow attackers to inject malicious scripts that execute in the context of other users' browsers who access the affected pages. This could potentially lead to theft of sensitive information or unauthorized actions performed on behalf of the victim (NVD).

The vulnerability has been fixed in version 1.8.0 of the Contact Form DB plugin. Users are advised to update to this version or later to mitigate the security risk (WPScan).