Total
7 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-31302 | 1 Codepeople | 1 Contact Form Email | 2024-04-26 | N/A | 5.3 MEDIUM |
| Exposure of Sensitive Information to an Unauthorized Actor vulnerability in CodePeople Contact Form Email.This issue affects Contact Form Email: from n/a through 1.3.44. | |||||
| CVE-2023-5955 | 1 Codepeople | 1 Contact Form Email | 2023-12-13 | N/A | 4.8 MEDIUM |
| The Contact Form Email WordPress plugin before 1.3.44 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | |||||
| CVE-2023-2718 | 1 Codepeople | 1 Contact Form Email | 2023-12-10 | N/A | 5.4 MEDIUM |
| The Contact Form Email WordPress plugin before 1.3.38 does not escape submitted values before displaying them in the HTML, leading to a Stored XSS vulnerability. | |||||
| CVE-2021-42361 | 1 Codepeople | 1 Contact Form Email | 2023-12-10 | 2.1 LOW | 4.8 MEDIUM |
| The Contact Form Email WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and escaping via the name parameter found in the ~/trunk/cp-admin-int-list.inc.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 1.3.24. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled. | |||||
| CVE-2018-20964 | 1 Codepeople | 1 Contact Form Email | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
| The contact-form-to-email plugin before 1.2.66 for WordPress has CSRF. | |||||
| CVE-2018-20963 | 1 Codepeople | 1 Contact Form Email | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| The contact-form-to-email plugin before 1.2.66 for WordPress has XSS. | |||||
| CVE-2019-9646 | 1 Codepeople | 1 Contact Form Email | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Contact Form Email plugin before 1.2.66 for WordPress allows wp-admin/admin.php item XSS, related to cp_admin_int_edition.inc.php in the "custom edition area." | |||||