Codepeople: Contact Form Email Security Vulnerabilities
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CodePeople Contact Form Email allows Stored XSS. This issue affects Contact Form Email: from n/a through 1.3.52.
CVSS Score: 5.9 | EPSS Score: 0.0 | Published: 2025-01-24
Improper Restriction of Excessive Authentication Attempts vulnerability in CodePeople Contact Form Email allows Functionality Bypass. This issue affects Contact Form Email: from n/a through 1.3.41.
CVSS Score: 5.3 | EPSS Score: 0.001 | Published: 2024-06-04
Missing Authorization vulnerability in CodePeople Contact Form Email allows Functionality Misuse. This issue affects Contact Form Email: from n/a through 1.3.31.
CVSS Score: 4.3 | EPSS Score: 0.001 | Published: 2024-06-04
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in CodePeople Contact Form Email. This issue affects Contact Form Email: from n/a through 1.3.44.
CVSS Score: 5.3 | EPSS Score: 0.001 | Published: 2024-04-10
The Contact Form Email WordPress plugin before 1.3.44 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
CVSS Score: 4.8 | EPSS Score: 0.001 | Published: 2023-12-11
The Contact Form Email WordPress plugin before 1.3.38 does not escape submitted values before displaying them in the HTML, leading to a Stored XSS vulnerability.
CVSS Score: 5.4 | EPSS Score: 0.003 | Published: 2023-06-12
The Contact Form Email WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and escaping via the name parameter found in the ~/trunk/cp-admin-int-list.inc.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 1.3.24. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled.
CVSS Score: 4.8 | EPSS Score: 0.003 | Published: 2021-11-17
The contact-form-to-email plugin before 1.2.66 for WordPress has XSS.
CVSS Score: 6.1 | EPSS Score: 0.002 | Published: 2019-08-13
The contact-form-to-email plugin before 1.2.66 for WordPress has CSRF.
CVSS Score: 8.8 | EPSS Score: 0.001 | Published: 2019-08-13
The Contact Form Email plugin before 1.2.66 for WordPress allows wp-admin/admin.php item XSS, related to cp_admin_int_edition.inc.php in the "custom edition area."
CVSS Score: 6.1 | EPSS Score: 0.002 | Published: 2019-03-10

