29 matches found
CVE-2026-32433
The CVE concerns WordPress plugin CP Contact Form with Paypal (cp-contact-form-with-paypal) version <= 1.3.61. It describes an SQL Injection vulnerability caused by improper neutralization of special elements in database queries, resulting in blind SQL Injection. Affected scope is CP Contact F...
CVE-2026-32433 WordPress CP Contact Form with Paypal plugin <= 1.3.61 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in codepeople CP Contact Form with Paypal cp-contact-form-with-paypal allows Blind SQL Injection.This issue affects CP Contact Form with Paypal: from n/a through = 1.3.61...
WordPress CP Contact Form with PayPal plugin <= 1.3.56 - Missing Authorization to Unauthenticated Arbitrary Payment Confirmation vulnerability
Missing Authorization to Unauthenticated Arbitrary Payment Confirmation vulnerability discovered by Md. Moniruzzaman Prodhan NomanProdhan - Knight Squad in WordPress Plugin CP Contact Form with Paypal versions = 1.3.56...
CVE-2025-13384 CP Contact Form with PayPal <= 1.3.56 - Missing Authorization to Unauthenticated Arbitrary Payment Confirmation
The CP Contact Form with PayPal plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.3.56. This is due to the plugin exposing an unauthenticated IPN-like endpoint via the 'cpcontactformppipncheck' query parameter that processes payment confirmations...
CVE-2025-13384 CP Contact Form with PayPal <= 1.3.56 - Missing Authorization to Unauthenticated Arbitrary Payment Confirmation
The CP Contact Form with PayPal plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.3.56. This is due to the plugin exposing an unauthenticated IPN-like endpoint via the 'cpcontactformppipncheck' query parameter that processes payment confirmations...
EUVD-2015-9087
Malware in sbrugna...
EUVD-2015-9086
Malware in sbrugna...
CVE-2024-13758
The CP Contact Form with PayPal plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.52. This is due to missing or incorrect nonce validation on the cpcontactformpaypalcheckinitactions function. This makes it possible for unauthenticated...
CVE-2023-27460
Missing Authorization vulnerability in CodePeople, paypaldev CP Contact Form with Paypal allows Functionality Misuse.This issue affects CP Contact Form with Paypal: from n/a through 1.3.34...
CVE-2015-9233
The cp-contact-form-with-paypal aka CP Contact Form with PayPal plugin before 1.1.6 for WordPress has CSRF with resultant XSS, related to cpcontactformpp.php and cpcontactformppadminintlist.inc.php...
CVE-2019-14785
The "CP Contact Form with PayPal" plugin before 1.2.99 for WordPress has XSS in the publishing wizard via the wp-admin/admin.php?page=cpcontactformpaypal.php=1 cpcontactformppid parameter...
CVE-2015-9234
The cp-contact-form-with-paypal aka CP Contact Form with PayPal plugin before 1.1.6 for WordPress has SQL injection via the cpcontactformppid parameter to cpcontactformpp.php...
CVE-2024-13758
The CP Contact Form with PayPal plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.52. This is due to missing or incorrect nonce validation on the cpcontactformpaypalcheckinitactions function. This makes it possible for unauthenticated...
WordPress CP Contact Form with PayPal plugin <= 1.3.52 - Cross-Site Request Forgery vulnerability
Cross-Site Request Forgery vulnerability discovered by Krzysztof Zając in WordPress Plugin CP Contact Form with Paypal versions = 1.3.52...
WordPress plugin CP Contact Form with PayPal 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site request forgery vulnerability...
WordPress CP Contact Form with Paypal Plugin <= 1.3.34 is vulnerable to Other Vulnerability Type
Software CP Contact Form with Paypal Type Plugin Vulnerable versions = 1.3.34 Fixed in 1.3.35 OWASP Top 10 A5: Broken Access Control Classification Other Vulnerability Type CVE CVE-2023-27460 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID b103753de482 Credits István Márto...
CVE-2019-14784
The "CP Contact Form with PayPal" plugin before 1.2.98 for WordPress has XSS in CSS edition...
CVE-2019-14784
The "CP Contact Form with PayPal" plugin before 1.2.98 for WordPress has XSS in CSS edition...
CVE-2019-14784
The CVE-2019-14784 entry applies to the WordPress plugin CP Contact Form with PayPal (pre-1.2.98). It contains an XSS in CSS edition vulnerability in the plugin’s admin/css handling, with PoC evidence showing input can be reflected in the admin interface. Affected versions are prior to 1.2.98; a ...
CVE-2019-14785
The "CP Contact Form with PayPal" plugin before 1.2.99 for WordPress has XSS in the publishing wizard via the wp-admin/admin.php?page=cpcontactformpaypal.php&pwizard=1 cpcontactformppid parameter...