GCVE - cpe:2.3:a:codepeople:contact_form_email:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:codepeople:contact_form_email:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	Codepeople (`f85d1a73-9b3f-50b5-b09d-cd136586594b`)
Product	Contact Form Email (`1101d0ea-40a5-51cf-a4f9-2aafa07b438b`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from purl2cpe mapping

PURL mappings

PURL	Source	Last updated
`pkg:github/wp-plugins/contact-form-to-email`	purl2cpe	2026-06-01 10:10:56.650636
`pkg:github/wpplugins/contact-form-to-email`	purl2cpe	2026-06-01 10:10:56.650640

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2026-32483`	vulnerable	2026-06-03 15:20:43.080437	WordPress Contact Form Email plugin <= 1.3.63 - Broken Access Control vulnerability MEDIUM (6.5) Missing Authorization vulnerability in codepeople Contact Form Email contact-form-to-email allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Contact Form Email: from n/a through <= 1.3.63. Published: 2026-03-25T16:14:57.726Z Updated: 2026-04-29T09:52:00.864Z Open on db.gcve.eu Reference links https://patchstack.com/database/Wordpress/Plugin/contact-form-to-email/vulnerability/wordpress-contact-form-email-plugin-1-3-63-broken-access-control-vulnerability?_s_id=cve	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-64369`	vulnerable	2026-06-03 15:09:37.826697	WordPress Contact Form Email plugin <= 1.3.58 - Broken Access Control vulnerability MEDIUM (6.5) Missing Authorization vulnerability in codepeople Contact Form Email contact-form-to-email allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Contact Form Email: from n/a through <= 1.3.58. Published: 2025-11-13T09:24:33.215Z Updated: 2026-04-28T18:31:48.885Z Open on db.gcve.eu Reference links https://patchstack.com/database/Wordpress/Plugin/contact-form-to-email/vulnerability/wordpress-contact-form-email-plugin-1-3-58-broken-access-control-vulnerability?_s_id=cve	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-24727`	vulnerable	2026-06-03 14:59:56.746409	WordPress Contact Form to Email Plugin <= 1.3.52 - Cross Site Scripting (XSS) vulnerability MEDIUM (5.9) Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in codepeople Contact Form Email contact-form-to-email allows Stored XSS.This issue affects Contact Form Email: from n/a through <= 1.3.52. Published: 2025-01-24T17:25:08.781Z Updated: 2026-04-28T16:11:33.504Z Open on db.gcve.eu Reference links https://patchstack.com/database/Wordpress/Plugin/contact-form-to-email/vulnerability/wordpress-contact-form-to-email-plugin-1-3-52-cross-site-scripting-xss-vulnerability?_s_id=cve	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-10019`	vulnerable	2026-06-03 14:58:33.411339	WordPress Contact Form Email plugin <= 1.3.60 - Insecure Direct Object References (IDOR) vulnerability MEDIUM (6.5) Authorization Bypass Through User-Controlled Key vulnerability in codepeople Contact Form Email contact-form-to-email allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Contact Form Email: from n/a through <= 1.3.60. Published: 2025-12-18T07:21:40.448Z Updated: 2026-04-28T16:10:57.279Z Open on db.gcve.eu Reference links https://patchstack.com/database/Wordpress/Plugin/contact-form-to-email/vulnerability/wordpress-contact-form-email-plugin-1-3-59-insecure-direct-object-references-idor-vulnerability?_s_id=cve	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-31302`	vulnerable	2026-06-03 14:55:39.416233	WordPress Contact Form Email plugin <= 1.3.44 - Sensitive Data Exposure vulnerability MEDIUM (5.3) Exposure of Sensitive Information to an Unauthorized Actor vulnerability in CodePeople Contact Form Email.This issue affects Contact Form Email: from n/a through 1.3.44. Published: 2024-04-10T15:32:41.272Z Updated: 2026-04-28T16:09:30.660Z Open on db.gcve.eu Reference links https://patchstack.com/database/vulnerability/contact-form-to-email/wordpress-contact-form-email-plugin-1-3-44-sensitive-data-exposure-vulnerability?_s_id=cve	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-48318`	vulnerable	2026-06-03 14:53:18.922974	WordPress Contact Form Email plugin <= 1.3.41 - Captcha Bypass vulnerability MEDIUM (5.3) Improper Restriction of Excessive Authentication Attempts vulnerability in CodePeople Contact Form Email allows Functionality Bypass.This issue affects Contact Form Email: from n/a through 1.3.41. Published: 2024-06-04T10:26:32.998Z Updated: 2026-04-28T16:08:54.175Z Open on db.gcve.eu Reference links https://patchstack.com/database/vulnerability/contact-form-to-email/wordpress-contact-form-email-plugin-1-3-41-captcha-bypass-vulnerability?_s_id=cve	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-28494`	vulnerable	2026-06-03 14:51:09.460809	WordPress Contact Form Email plugin <= 1.3.31 - Missing Authorization Leading To Feedback Submission Vulnerability MEDIUM (4.3) Missing Authorization vulnerability in CodePeople Contact Form Email allows Functionality Misuse.This issue affects Contact Form Email: from n/a through 1.3.31. Published: 2024-06-04T07:06:01.935Z Updated: 2026-04-28T16:08:16.171Z Open on db.gcve.eu Reference links https://patchstack.com/database/vulnerability/contact-form-to-email/wordpress-contact-form-email-plugin-1-3-31-missing-authorization-leading-to-feedback-submission-vulnerability?_s_id=cve	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.