AI Score: 8.8 (High), Confidence: High
EPSS: 0.002 (Low), Percentile: 65.1%
The cp-contact-form-with-paypal (aka CP Contact Form with PayPal) plugin before 1.1.6 for WordPress has CSRF with resultant XSS, related to cp_contactformpp.php and cp_contactformpp_admin_int_list.inc.php.
seclists.org/fulldisclosure/2015/Jul/49
seclists.org/oss-sec/2015/q3/88
wordpress.org/plugins/cp-contact-form-with-paypal/#developers