Skip to main content

Cp Contact Form With Paypal

5 CVEs product

Monthly

CVE-2026-32433 HIGH This Week

CP Contact Form with Paypal through version 1.3.61 contains a blind SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries with network access. An attacker with user-level privileges can exploit this flaw to extract sensitive database information, though no patch is currently available.

SQLi Cp Contact Form With Paypal
NVD VulDB
CVSS 3.1
8.5
EPSS
0.0%
CVE-2019-14784 MEDIUM This Month

The "CP Contact Form with PayPal" plugin before 1.2.98 for WordPress has XSS in CSS edition. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS WordPress Cp Contact Form With Paypal
NVD
CVSS 3.0
6.1
EPSS
0.9%
CVE-2019-14785 MEDIUM POC This Month

The "CP Contact Form with PayPal" plugin before 1.2.99 for WordPress has XSS in the publishing wizard via the wp-admin/admin.php?page=cp_contact_form_paypal.php&pwizard=1 cp_contactformpp_id. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress PHP Cp Contact Form With Paypal
NVD
CVSS 3.0
5.4
EPSS
0.8%
CVE-2015-9234 HIGH This Week

The cp-contact-form-with-paypal (aka CP Contact Form with PayPal) plugin before 1.1.6 for WordPress has SQL injection via the cp_contactformpp_id parameter to cp_contactformpp.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress SQLi PHP Cp Contact Form With Paypal
NVD
CVSS 3.0
7.2
EPSS
1.2%
CVE-2015-9233 HIGH This Week

The cp-contact-form-with-paypal (aka CP Contact Form with PayPal) plugin before 1.1.6 for WordPress has CSRF with resultant XSS, related to cp_contactformpp.php and. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS WordPress CSRF PHP Cp Contact Form With Paypal
NVD
CVSS 3.1
8.8
EPSS
0.2%
EPSS 0% CVSS 8.5
HIGH This Week

CP Contact Form with Paypal through version 1.3.61 contains a blind SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries with network access. An attacker with user-level privileges can exploit this flaw to extract sensitive database information, though no patch is currently available.

SQLi Cp Contact Form With Paypal
NVD VulDB
EPSS 1% CVSS 6.1
MEDIUM This Month

The "CP Contact Form with PayPal" plugin before 1.2.98 for WordPress has XSS in CSS edition. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS WordPress Cp Contact Form With Paypal
NVD
EPSS 1% CVSS 5.4
MEDIUM POC This Month

The "CP Contact Form with PayPal" plugin before 1.2.99 for WordPress has XSS in the publishing wizard via the wp-admin/admin.php?page=cp_contact_form_paypal.php&pwizard=1 cp_contactformpp_id. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress PHP +1
NVD
EPSS 1% CVSS 7.2
HIGH This Week

The cp-contact-form-with-paypal (aka CP Contact Form with PayPal) plugin before 1.1.6 for WordPress has SQL injection via the cp_contactformpp_id parameter to cp_contactformpp.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress SQLi PHP +1
NVD
EPSS 0% CVSS 8.8
HIGH This Week

The cp-contact-form-with-paypal (aka CP Contact Form with PayPal) plugin before 1.1.6 for WordPress has CSRF with resultant XSS, related to cp_contactformpp.php and. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS WordPress CSRF +2
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy