10 matches found
CVE-2025-24727
CVE-2025-24727 affects the WordPress plugin Contact Form Email (CodePeople) up to v1.3.52. The description confirms a stored XSS due to improper input neutralization during web page generation. Multiple sources in the connected set (NVD, CVE lists, Red Hat advisory) corroborate the vulnerability;...
CVE-2024-31302
CVE-2024-31302 affects the Contact Form Email plugin by CodePeople for WordPress. The vulnerability is described as an unauthenticated exposure of sensitive information via the plugin’s Contact Form Email feature, impacting versions from n/a up to 1.3.44. Public records in this set indicate an In...
CVE-2023-48318
CVE-2023-48318 is a CAPTCHA bypass vulnerability in WordPress plugin Contact Form Email (
CVE-2023-5955
CVE-2023-5955 affects the WordPress plugin Contact Form Email up to version 1.3.44 . The issue arises because the plugin does not adequately sanitize and escape certain settings, enabling stored XSS via an exploited admin/editor action, including scenarios where the unfiltered_html capability is ...
CVE-2018-20963
CVE-2018-20963 affects the WordPress plugin contact-form-to-email , versions prior to 1.2.66. The vulnerability is a cross-site scripting (XSS) flaw caused by insufficient validation of client-side data in the plugin, enabling an attacker to execute arbitrary script in a victim’s browser. Public ...
CVE-2023-2718
The CVE-2023-2718 entry covers the WordPress plugin Contact Form Email, affected versions prior to 1.3.38, which fails to escape submitted values before HTML output, causing an unauthenticated Stored XSS. Root cause: input is echoed without escaping. Impact: stored XSS on pages rendering form sub...
CVE-2018-20964
CVE-2018-20964 affects the WordPress plugin contact-form-to-email, versions prior to 1.2.66. Root cause: CSRF in the plugin. Impact per CVSS: HIGH (CVSS‑3.0 base 8.8; CVSS‑2.0 base 6.8). Remediation: upgrade to version 1.2.66 or later to mitigate the vulnerability.
CVE-2021-42361
The CVE-2021-42361 issue affects the WordPress Contact Form Email plugin (versions up to 1.3.24). The root cause is insufficient input validation/escaping of the name parameter in cp-admin-int-list.inc.php, enabling stored XSS when an attacker has administrative privileges on multi-site installat...
CVE-2019-9646
CVE-2019-9646 concerns the WordPress plugin Contact Form Email (versions before 1.2.66). The flaw is an XSS in wp-admin/admin.php via the item parameter in the "custom edition area", tracked to cp_admin_int_edition.inc.php. Impact: potential JavaScript execution in the admin context. Remediation:...
CVE-2023-28494
CVE-2023-28494 affects WordPress plugin Contact Form Email (