The cp-contact-form-with-paypal (aka CP Contact Form with PayPal) plugin before 1.1.6 for WordPress has CSRF with resultant XSS, related to cp_contactformpp.php and cp_contactformpp_admin_int_list.inc.php.
8.8CVSS
8.6AI Score
0.002EPSS
The "CP Contact Form with PayPal" plugin before 1.2.98 for WordPress has XSS in CSS edition.
6.1CVSS
6AI Score
0.001EPSS
The "CP Contact Form with PayPal" plugin before 1.2.99 for WordPress has XSS in the publishing wizard via the wp-admin/admin.php?page=cp_contact_form_paypal.php&pwizard=1 cp_contactformpp_id parameter.
5.4CVSS
5.3AI Score
0.001EPSS