VYPR

Contact Form To Email

by WordPress

Source repositories

CVEs (6)

  • CVE-2021-47926MedMay 10, 2026
    risk 0.42cvss 6.4epss 0.00

    Contact Form to Email 1.3.24 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by creating forms with script tags in the form name field. Attackers can craft form names containing JavaScript code that executes…

  • CVE-2025-10019MedDec 18, 2025
    risk 0.42cvss 6.5epss 0.00

    Authorization Bypass Through User-Controlled Key vulnerability in codepeople Contact Form Email contact-form-to-email allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Contact Form Email: from n/a through <= 1.3.60.

  • CVE-2025-64369MedNov 13, 2025
    risk 0.42cvss 6.5epss 0.00

    Missing Authorization vulnerability in codepeople Contact Form Email contact-form-to-email allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Contact Form Email: from n/a through <= 1.3.58.

  • CVE-2018-20963Aug 13, 2019
    risk 0.00cvss epss 0.01

    The contact-form-to-email plugin before 1.2.66 for WordPress has XSS.

  • CVE-2018-20964Aug 13, 2019
    risk 0.00cvss epss 0.01

    The contact-form-to-email plugin before 1.2.66 for WordPress has CSRF.

  • CVE-2019-9646Mar 10, 2019
    risk 0.00cvss epss 0.01

    The Contact Form Email plugin before 1.2.66 for WordPress allows wp-admin/admin.php item XSS, related to cp_admin_int_edition.inc.php in the "custom edition area."