4 matches found
CVE-2019-14785
The CVE-2019-14785 issue affects the WordPress plugin CP Contact Form with PayPal prior to version 1.2.99, where an XSS flaw exists in the publishing wizard via wp-admin/admin.php?page=cp_contact_form_paypal.php&pwizard=1 cp_contactformpp_id parameter. Impact is client-side script execution as de...
CVE-2019-14784
The CVE-2019-14784 entry applies to the WordPress plugin CP Contact Form with PayPal (pre-1.2.98). It contains an XSS in CSS edition vulnerability in the plugin’s admin/css handling, with PoC evidence showing input can be reflected in the admin interface. Affected versions are prior to 1.2.98; a ...
CVE-2023-27460
CVE-2023-27460 affects WordPress CP Contact Form with Paypal plugin, <=1.3.34, due to Missing Authorization that could enable feedback submission abuse. A fix is available: upgrade to version 1.3.35. Public advisories show differing CVSS assessments (NVD: 8.8 HIGH; Patchstack: 4.3 MEDIUM), but...
CVE-2015-9233
The CP Contact Form with PayPal WordPress plugin (pre-1.1.6) is affected by a CSRF vulnerability that can lead to Cross-Site Scripting (XSS), related to cp_contactformpp.php and cp_contactformpp_admin_int_list.inc.php. Affected versions are prior to 1.1.6; updating to 1.1.6 or later is the docume...