Codepeople

Contact Form Email

13 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.5

CVE-2026-32483

  • EPSS 0.03%
  • Veröffentlicht 25.03.2026 16:14:57
  • Zuletzt bearbeitet 30.03.2026 13:27:12

Missing Authorization vulnerability in codepeople Contact Form Email contact-form-to-email allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Contact Form Email: from n/a through <= 1.3.63.

6.5

CVE-2025-10019

  • EPSS 0.04%
  • Veröffentlicht 18.12.2025 07:21:40
  • Zuletzt bearbeitet 15.04.2026 00:35:42

Authorization Bypass Through User-Controlled Key vulnerability in codepeople Contact Form Email contact-form-to-email allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Contact Form Email: from n/a through <= 1...

6.5

CVE-2025-64369

  • EPSS 0.03%
  • Veröffentlicht 13.11.2025 09:24:33
  • Zuletzt bearbeitet 15.04.2026 00:35:42

Missing Authorization vulnerability in codepeople Contact Form Email contact-form-to-email allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Contact Form Email: from n/a through <= 1.3.58.

4.8

CVE-2025-24727

  • EPSS 0.12%
  • Veröffentlicht 24.01.2025 18:15:46
  • Zuletzt bearbeitet 01.04.2026 17:18:10

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in codepeople Contact Form Email contact-form-to-email allows Stored XSS.This issue affects Contact Form Email: from n/a through <= 1.3.52.

6.5

CVE-2023-48318

  • EPSS 0.11%
  • Veröffentlicht 04.06.2024 11:15:49
  • Zuletzt bearbeitet 10.03.2025 17:45:44

Improper Restriction of Excessive Authentication Attempts vulnerability in CodePeople Contact Form Email allows Functionality Bypass.This issue affects Contact Form Email: from n/a through 1.3.41.

4.3

CVE-2023-28494

  • EPSS 0.24%
  • Veröffentlicht 04.06.2024 07:15:41
  • Zuletzt bearbeitet 10.03.2025 17:43:23

Missing Authorization vulnerability in CodePeople Contact Form Email allows Functionality Misuse.This issue affects Contact Form Email: from n/a through 1.3.31.

5.3

CVE-2024-31302

  • EPSS 0.33%
  • Veröffentlicht 10.04.2024 16:15:14
  • Zuletzt bearbeitet 21.11.2024 09:13:13

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in CodePeople Contact Form Email.This issue affects Contact Form Email: from n/a through 1.3.44.

4.8

CVE-2023-5955

Exploit
  • EPSS 0.08%
  • Veröffentlicht 11.12.2023 20:15:07
  • Zuletzt bearbeitet 21.11.2024 08:42:51

The Contact Form Email WordPress plugin before 1.3.44 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is d...

5.4

CVE-2023-2718

Exploit
  • EPSS 0.63%
  • Veröffentlicht 12.06.2023 18:15:10
  • Zuletzt bearbeitet 21.11.2024 07:59:09

The Contact Form Email WordPress plugin before 1.3.38 does not escape submitted values before displaying them in the HTML, leading to a Stored XSS vulnerability.

2.1

CVE-2021-42361

  • EPSS 0.41%
  • Veröffentlicht 17.11.2021 19:15:09
  • Zuletzt bearbeitet 21.11.2024 06:27:39

The Contact Form Email WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and escaping via the name parameter found in the ~/trunk/cp-admin-int-list.inc.php file which allowed attackers with administrat...