Contact Form To Email
by WordPress
Source repositories
CVEs (6)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-47926 | Med | 0.42 | 6.4 | 0.00 | May 10, 2026 | Contact Form to Email 1.3.24 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by creating forms with script tags in the form name field. Attackers can craft form names containing JavaScript code that executes… | ||
| CVE-2025-10019 | Med | 0.42 | 6.5 | 0.00 | Dec 18, 2025 | Authorization Bypass Through User-Controlled Key vulnerability in codepeople Contact Form Email contact-form-to-email allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Contact Form Email: from n/a through <= 1.3.60. | ||
| CVE-2025-64369 | Med | 0.42 | 6.5 | 0.00 | Nov 13, 2025 | Missing Authorization vulnerability in codepeople Contact Form Email contact-form-to-email allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Contact Form Email: from n/a through <= 1.3.58. | ||
| CVE-2018-20963 | 0.00 | — | 0.01 | Aug 13, 2019 | The contact-form-to-email plugin before 1.2.66 for WordPress has XSS. | |||
| CVE-2018-20964 | 0.00 | — | 0.01 | Aug 13, 2019 | The contact-form-to-email plugin before 1.2.66 for WordPress has CSRF. | |||
| CVE-2019-9646 | 0.00 | — | 0.01 | Mar 10, 2019 | The Contact Form Email plugin before 1.2.66 for WordPress allows wp-admin/admin.php item XSS, related to cp_admin_int_edition.inc.php in the "custom edition area." |
- risk 0.42cvss 6.4epss 0.00
Contact Form to Email 1.3.24 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by creating forms with script tags in the form name field. Attackers can craft form names containing JavaScript code that executes…
- risk 0.42cvss 6.5epss 0.00
Authorization Bypass Through User-Controlled Key vulnerability in codepeople Contact Form Email contact-form-to-email allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Contact Form Email: from n/a through <= 1.3.60.
- risk 0.42cvss 6.5epss 0.00
Missing Authorization vulnerability in codepeople Contact Form Email contact-form-to-email allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Contact Form Email: from n/a through <= 1.3.58.
- CVE-2018-20963Aug 13, 2019risk 0.00cvss —epss 0.01
The contact-form-to-email plugin before 1.2.66 for WordPress has XSS.
- CVE-2018-20964Aug 13, 2019risk 0.00cvss —epss 0.01
The contact-form-to-email plugin before 1.2.66 for WordPress has CSRF.
- CVE-2019-9646Mar 10, 2019risk 0.00cvss —epss 0.01
The Contact Form Email plugin before 1.2.66 for WordPress allows wp-admin/admin.php item XSS, related to cp_admin_int_edition.inc.php in the "custom edition area."