VYPR

Contact Manager

by WordPress

Source repositories

CVEs (2)

  • CVE-2022-1014CriMay 23, 2022
    risk 0.64cvss 9.8epss 0.02

    The WP Contacts Manager WordPress plugin through 2.2.4 fails to properly sanitize user supplied POST data before it is being interpolated in an SQL statement and then executed, leading to an SQL injection vulnerability.

  • CVE-2025-1028HigFeb 5, 2025
    risk 0.53cvss 8.1epss 0.01

    The Contact Manager plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the contact form upload feature in all versions up to, and including, 8.6.4. This makes it possible for unauthenticated attackers to upload arbitrary files on…