EUVD-2025-204247

Authorization Bypass Through User-Controlled Key vulnerability in codepeople Contact Form Email contact-form-to-email allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Contact Form Email: from n/a through = 1.3.60...

CVE-2025-10019

Authorization Bypass Through User-Controlled Key vulnerability in codepeople Contact Form Email contact-form-to-email allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Contact Form Email: from n/a through = 1.3.60...

CVE-2025-10019 WordPress Contact Form Email plugin <= 1.3.60 - Insecure Direct Object References (IDOR) vulnerability

Authorization Bypass Through User-Controlled Key vulnerability in codepeople Contact Form Email contact-form-to-email allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Contact Form Email: from n/a through = 1.3.60...

PT-2025-51996

Name of the Vulnerable Software and Affected Versions codepeople Contact Form Email versions through 1.3.60 Description An authorization bypass exists in codepeople Contact Form Email due to incorrectly configured access control security levels. This allows exploitation through a user-controlled...

Royal Elementor Addons < 1.3.60 - Subscriber+ Arbitrary Theme Activation

The plugin does not have authorisation and CSRF checks when activating themes, which could allow any authenticated user, such as subscriber to perform such action...