CVE-2018-20964
CVE-2018-20964 affects the WordPress plugin contact-form-to-email, versions prior to 1.2.66. Root cause: CSRF in the plugin. Impact per CVSS: HIGH (CVSS‑3.0 base 8.8; CVSS‑2.0 base 6.8). Remediation: upgrade to version 1.2.66 or later to mitigate the vulnerability.