CVE-2022-2187
Published 2022-07-17
Priority P333 · medium · 6.1 (CVSS 3.1)
AV:N / AC:L / PR:N / UI:R / S:C / C:L / I:L / A:N
EXPLOIT
EPSS: 1.28% (66.3th percentile)
The Contact Form 7 Captcha WordPress plugin before 0.1.2 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| contact_form_7_captcha_project | contact_form_7_captcha | < 0.1.2 | 0.1.2 |
CVSS provenance
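| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
| nvd | v2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N |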
No detection rules found.
Nuclei
WordPress Contact Form 7 Captcha <0.1.2 - Cross-Site Scripting
nuclei·CVSS 6.1
CVE-2022-2187 [MEDIUM] WordPress Contact Form 7 Captcha <0.1.2 - Cross-Site Scripting
WordPress Contact Form 7 Captcha alert(document.domain)'
```yaml
matchers-condition: and
matchers:
  - type: word
    part: body
    words:
      - "alert(document.domain)"
      - "Contact Form 7"
    condition: and

  - type: word
    part: header
    words:
      - text/html

  - type: status
    status:
      - 200
# digest: 4a0a0047304502210097076131e1d2135c069c226188d90ec1f0c72b31c08626886114aa33336fd0a7022039fcb776fd7cbb38c0ad4e357a38cad0624652057ffe0e538b04990ed8374cdd:922c64590222798bb761d5b6d8e72950
```
Bugzilla
CVE-2022-50822 kernel: Linux kernel: Memory leak in RDMA restrack leads to Denial of Service
bugzilla·2025-12-30
In the Linux kernel, the following vulnerability has been resolved:
RDMA/restrack: Release MR restrack when delete
The MR restrack also needs to be released when deleting it, otherwise it
causes a memory leak as the task struct won't be released.
Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2025123016-CVE-2022-50822-2187@gregkh/T