The cp-contact-form-with-paypal (aka CP Contact Form with PayPal) plugin before 1.1.6 for WordPress has CSRF with resultant XSS, related to cp_contactformpp.php and cp_contactformpp_admin_int_list.inc.php.
CPE | Name | Operator | Version |
---|---|---|---|
cp_contact_form_with_paypal | lt | 1.1.6 |