Contact Form Email
Approved changes feed: RSS · Atom
cpe:2.3:a:codepeople:contact_form_email:*:*:*:*:*:wordpress:*:*
part: a version: * update: *
| Vendor | Codepeople (f85d1a73-9b3f-50b5-b09d-cd136586594b) |
|---|---|
| Product | Contact Form Email (1101d0ea-40a5-51cf-a4f9-2aafa07b438b) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | wordpress |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2025-24727 |
vulnerable | 2026-06-03 14:59:56.747475 |
WordPress Contact Form to Email Plugin <= 1.3.52 - Cross Site Scripting (XSS) vulnerability
MEDIUM (5.9)
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in codepeople Contact Form Email contact-form-to-email allows Stored XSS.This issue affects Contact Form Email: from n/a through <= 1.3.52.
Published: 2025-01-24T17:25:08.781Z
Updated: 2026-04-28T16:11:33.504Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-31302 |
vulnerable | 2026-06-03 14:55:39.417192 |
WordPress Contact Form Email plugin <= 1.3.44 - Sensitive Data Exposure vulnerability
MEDIUM (5.3)
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in CodePeople Contact Form Email.This issue affects Contact Form Email: from n/a through 1.3.44.
Published: 2024-04-10T15:32:41.272Z
Updated: 2026-04-28T16:09:30.660Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-5955 |
vulnerable | 2026-06-03 14:53:50.001989 |
Contact Form Email < 1.3.44 - Editor+ Stored Cross-Site Scripting
The Contact Form Email WordPress plugin before 1.3.44 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
Published: 2023-12-11T19:30:26.587Z
Updated: 2024-10-01T14:35:50.973Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-48318 |
vulnerable | 2026-06-03 14:53:18.923702 |
WordPress Contact Form Email plugin <= 1.3.41 - Captcha Bypass vulnerability
MEDIUM (5.3)
Improper Restriction of Excessive Authentication Attempts vulnerability in CodePeople Contact Form Email allows Functionality Bypass.This issue affects Contact Form Email: from n/a through 1.3.41.
Published: 2024-06-04T10:26:32.998Z
Updated: 2026-04-28T16:08:54.175Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-2718 |
vulnerable | 2026-06-03 14:51:43.761381 |
Contact Form Email < 1.3.38 - Unauthenticated Stored Cross-Site Scripting
The Contact Form Email WordPress plugin before 1.3.38 does not escape submitted values before displaying them in the HTML, leading to a Stored XSS vulnerability.
Published: 2023-06-12T17:28:21.468Z
Updated: 2024-08-02T06:33:05.488Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-28494 |
vulnerable | 2026-06-03 14:51:09.460049 |
WordPress Contact Form Email plugin <= 1.3.31 - Missing Authorization Leading To Feedback Submission Vulnerability
MEDIUM (4.3)
Missing Authorization vulnerability in CodePeople Contact Form Email allows Functionality Misuse.This issue affects Contact Form Email: from n/a through 1.3.31.
Published: 2024-06-04T07:06:01.935Z
Updated: 2026-04-28T16:08:16.171Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-42361 |
vulnerable | 2026-06-03 14:45:27.180173 |
Contact Form Email <= 1.3.24 Authenticated Stored Cross-Site Scripting
MEDIUM (4.8)
The Contact Form Email WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and escaping via the name parameter found in the ~/trunk/cp-admin-int-list.inc.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 1.3.24. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled.
Published: 2021-11-17T18:27:22.508Z
Updated: 2025-02-14T17:51:38.239Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2019-9646 |
vulnerable | 2026-06-03 14:40:49.532956 |
Details available
The Contact Form Email plugin before 1.2.66 for WordPress allows wp-admin/admin.php item XSS, related to cp_admin_int_edition.inc.php in the "custom edition area."
Published: 2019-03-10T22:00:00.000Z
Updated: 2024-09-17T03:27:56.876Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-20964 |
vulnerable | 2026-06-03 14:38:39.964899 |
Details available
The contact-form-to-email plugin before 1.2.66 for WordPress has CSRF.
Published: 2019-08-13T16:46:13.000Z
Updated: 2024-08-05T12:19:27.024Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-20963 |
vulnerable | 2026-06-03 14:38:39.964533 |
Details available
The contact-form-to-email plugin before 1.2.66 for WordPress has XSS.
Published: 2019-08-13T16:46:45.000Z
Updated: 2024-08-05T12:19:27.051Z Reference links |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.