Lucene search
K
CodepeopleContact Form Email

10 matches found

CVE
CVE
added 2025/01/24 5:25 p.m.84 views

CVE-2025-24727

CVE-2025-24727 affects the WordPress plugin Contact Form Email (CodePeople) up to v1.3.52. The description confirms a stored XSS due to improper input neutralization during web page generation. Multiple sources in the connected set (NVD, CVE lists, Red Hat advisory) corroborate the vulnerability;...

5.9CVSS7.2AI score0.00303EPSS
CVE
CVE
added 2024/04/10 3:32 p.m.77 views

CVE-2024-31302

CVE-2024-31302 affects the Contact Form Email plugin by CodePeople for WordPress. The vulnerability is described as an unauthenticated exposure of sensitive information via the plugin’s Contact Form Email feature, impacting versions from n/a up to 1.3.44. Public records in this set indicate an In...

5.3CVSS8.5AI score0.0047EPSS
CVE
CVE
added 2024/06/04 10:26 a.m.71 views

CVE-2023-48318

CVE-2023-48318 is a CAPTCHA bypass vulnerability in WordPress plugin Contact Form Email (

6.5CVSS5.3AI score0.00312EPSS
CVE
CVE
added 2023/12/11 7:30 p.m.59 views

CVE-2023-5955

CVE-2023-5955 affects the WordPress plugin Contact Form Email up to version 1.3.44 . The issue arises because the plugin does not adequately sanitize and escape certain settings, enabling stored XSS via an exploited admin/editor action, including scenarios where the unfiltered_html capability is ...

6.1CVSS4.6AI score0.00455EPSS
CVE
CVE
added 2019/08/13 4:46 p.m.57 views

CVE-2018-20963

CVE-2018-20963 affects the WordPress plugin contact-form-to-email , versions prior to 1.2.66. The vulnerability is a cross-site scripting (XSS) flaw caused by insufficient validation of client-side data in the plugin, enabling an attacker to execute arbitrary script in a victim’s browser. Public ...

6.1CVSS6.4AI score0.00915EPSS
CVE
CVE
added 2023/06/12 5:28 p.m.56 views

CVE-2023-2718

The CVE-2023-2718 entry covers the WordPress plugin Contact Form Email, affected versions prior to 1.3.38, which fails to escape submitted values before HTML output, causing an unauthenticated Stored XSS. Root cause: input is echoed without escaping. Impact: stored XSS on pages rendering form sub...

5.4CVSS5.2AI score0.00505EPSS
CVE
CVE
added 2019/08/13 4:46 p.m.52 views

CVE-2018-20964

CVE-2018-20964 affects the WordPress plugin contact-form-to-email, versions prior to 1.2.66. Root cause: CSRF in the plugin. Impact per CVSS: HIGH (CVSS‑3.0 base 8.8; CVSS‑2.0 base 6.8). Remediation: upgrade to version 1.2.66 or later to mitigate the vulnerability.

8.8CVSS8.7AI score0.00681EPSS
CVE
CVE
added 2021/11/17 6:27 p.m.51 views

CVE-2021-42361

The CVE-2021-42361 issue affects the WordPress Contact Form Email plugin (versions up to 1.3.24). The root cause is insufficient input validation/escaping of the name parameter in cp-admin-int-list.inc.php, enabling stored XSS when an attacker has administrative privileges on multi-site installat...

4.8CVSS4.8AI score0.00598EPSS
Web
CVE
CVE
added 2019/03/10 10:0 p.m.40 views

CVE-2019-9646

CVE-2019-9646 concerns the WordPress plugin Contact Form Email (versions before 1.2.66). The flaw is an XSS in wp-admin/admin.php via the item parameter in the "custom edition area", tracked to cp_admin_int_edition.inc.php. Impact: potential JavaScript execution in the admin context. Remediation:...

6.1CVSS6.2AI score0.01389EPSS
Web
CVE
CVE
added 2024/06/04 7:6 a.m.34 views

CVE-2023-28494

CVE-2023-28494 affects WordPress plugin Contact Form Email (

4.3CVSS4.7AI score0.00313EPSS