Cp Contact Form With Paypal
by WordPress
Source repositories
CVEs (5)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2015-9233 | Hig | 0.57 | 8.8 | 0.01 | Sep 30, 2017 | The cp-contact-form-with-paypal (aka CP Contact Form with PayPal) plugin before 1.1.6 for WordPress has CSRF with resultant XSS, related to cp_contactformpp.php and cp_contactformpp_admin_int_list.inc.php. | ||
| CVE-2025-13384 | Hig | 0.49 | 7.5 | 0.00 | Nov 22, 2025 | The CP Contact Form with PayPal plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.3.56. This is due to the plugin exposing an unauthenticated IPN-like endpoint (via the 'cp_contactformpp_ipncheck' query parameter) that processes… | ||
| CVE-2015-9234 | Hig | 0.47 | 7.2 | 0.02 | Sep 30, 2017 | The cp-contact-form-with-paypal (aka CP Contact Form with PayPal) plugin before 1.1.6 for WordPress has SQL injection via the cp_contactformpp_id parameter to cp_contactformpp.php. | ||
| CVE-2024-13758 | 0.00 | — | 0.00 | Jan 30, 2025 | The CP Contact Form with PayPal plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.52. This is due to missing or incorrect nonce validation on the cp_contact_form_paypal_check_init_actions() function. This makes it possible… | |||
| CVE-2019-14785 | 0.00 | — | 0.01 | Aug 9, 2019 | The "CP Contact Form with PayPal" plugin before 1.2.99 for WordPress has XSS in the publishing wizard via the wp-admin/admin.php?page=cp_contact_form_paypal.php&pwizard=1 cp_contactformpp_id parameter. |
- risk 0.57cvss 8.8epss 0.01
The cp-contact-form-with-paypal (aka CP Contact Form with PayPal) plugin before 1.1.6 for WordPress has CSRF with resultant XSS, related to cp_contactformpp.php and cp_contactformpp_admin_int_list.inc.php.
- risk 0.49cvss 7.5epss 0.00
The CP Contact Form with PayPal plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.3.56. This is due to the plugin exposing an unauthenticated IPN-like endpoint (via the 'cp_contactformpp_ipncheck' query parameter) that processes…
- risk 0.47cvss 7.2epss 0.02
The cp-contact-form-with-paypal (aka CP Contact Form with PayPal) plugin before 1.1.6 for WordPress has SQL injection via the cp_contactformpp_id parameter to cp_contactformpp.php.
- CVE-2024-13758Jan 30, 2025risk 0.00cvss —epss 0.00
The CP Contact Form with PayPal plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.52. This is due to missing or incorrect nonce validation on the cp_contact_form_paypal_check_init_actions() function. This makes it possible…
- CVE-2019-14785Aug 9, 2019risk 0.00cvss —epss 0.01
The "CP Contact Form with PayPal" plugin before 1.2.99 for WordPress has XSS in the publishing wizard via the wp-admin/admin.php?page=cp_contact_form_paypal.php&pwizard=1 cp_contactformpp_id parameter.