VYPR

Cp Contact Form With Paypal

by WordPress

Source repositories

CVEs (5)

  • CVE-2015-9233HigSep 30, 2017
    risk 0.57cvss 8.8epss 0.01

    The cp-contact-form-with-paypal (aka CP Contact Form with PayPal) plugin before 1.1.6 for WordPress has CSRF with resultant XSS, related to cp_contactformpp.php and cp_contactformpp_admin_int_list.inc.php.

  • CVE-2025-13384HigNov 22, 2025
    risk 0.49cvss 7.5epss 0.00

    The CP Contact Form with PayPal plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.3.56. This is due to the plugin exposing an unauthenticated IPN-like endpoint (via the 'cp_contactformpp_ipncheck' query parameter) that processes…

  • CVE-2015-9234HigSep 30, 2017
    risk 0.47cvss 7.2epss 0.02

    The cp-contact-form-with-paypal (aka CP Contact Form with PayPal) plugin before 1.1.6 for WordPress has SQL injection via the cp_contactformpp_id parameter to cp_contactformpp.php.

  • CVE-2024-13758Jan 30, 2025
    risk 0.00cvss epss 0.00

    The CP Contact Form with PayPal plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.52. This is due to missing or incorrect nonce validation on the cp_contact_form_paypal_check_init_actions() function. This makes it possible…

  • CVE-2019-14785Aug 9, 2019
    risk 0.00cvss epss 0.01

    The "CP Contact Form with PayPal" plugin before 1.2.99 for WordPress has XSS in the publishing wizard via the wp-admin/admin.php?page=cp_contact_form_paypal.php&pwizard=1 cp_contactformpp_id parameter.