VYPR

Cp Contact Form With Paypal

by Codepeople

Source repositories

CVEs (5)

  • CVE-2015-9233HigSep 30, 2017
    risk 0.57cvss 8.8epss 0.01

    The cp-contact-form-with-paypal (aka CP Contact Form with PayPal) plugin before 1.1.6 for WordPress has CSRF with resultant XSS, related to cp_contactformpp.php and cp_contactformpp_admin_int_list.inc.php.

  • CVE-2026-32433HigMar 13, 2026
    risk 0.55cvss 8.5epss 0.00

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in codepeople CP Contact Form with Paypal cp-contact-form-with-paypal allows Blind SQL Injection.This issue affects CP Contact Form with Paypal: from n/a through <= 1.3.61.

  • CVE-2015-9234HigSep 30, 2017
    risk 0.47cvss 7.2epss 0.02

    The cp-contact-form-with-paypal (aka CP Contact Form with PayPal) plugin before 1.1.6 for WordPress has SQL injection via the cp_contactformpp_id parameter to cp_contactformpp.php.

  • CVE-2024-13758Jan 30, 2025
    risk 0.00cvss epss 0.00

    The CP Contact Form with PayPal plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.52. This is due to missing or incorrect nonce validation on the cp_contact_form_paypal_check_init_actions() function. This makes it possible…

  • CVE-2023-27460Jun 3, 2024
    risk 0.00cvss epss 0.00

    Missing Authorization vulnerability in CodePeople, paypaldev CP Contact Form with Paypal allows Functionality Misuse.This issue affects CP Contact Form with Paypal: from n/a through 1.3.34.