ReportizFlow
Filtered by vendor Codepeople
Subscriptions
Filtered by product Cp Contact Form With Paypal
Subscriptions
Total
5 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-13384 | 2 Codepeople, Wordpress | 2 Cp Contact Form With Paypal, Wordpress | 2025-11-24 | 7.5 High |
| The CP Contact Form with PayPal plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.3.56. This is due to the plugin exposing an unauthenticated IPN-like endpoint (via the 'cp_contactformpp_ipncheck' query parameter) that processes payment confirmations without any authentication, nonce verification, or PayPal IPN signature validation. This makes it possible for unauthenticated attackers to mark form submissions as paid without making actual payments by sending forged payment notification requests with arbitrary POST data (payment_status, txn_id, payer_email). | ||||
| CVE-2023-27460 | 1 Codepeople | 1 Cp Contact Form With Paypal | 2025-07-13 | 4.3 Medium |
| Missing Authorization vulnerability in CodePeople, paypaldev CP Contact Form with Paypal allows Functionality Misuse.This issue affects CP Contact Form with Paypal: from n/a through 1.3.34. | ||||
| CVE-2015-9233 | 1 Codepeople | 1 Cp Contact Form With Paypal | 2025-04-20 | 8.8 High |
| The cp-contact-form-with-paypal (aka CP Contact Form with PayPal) plugin before 1.1.6 for WordPress has CSRF with resultant XSS, related to cp_contactformpp.php and cp_contactformpp_admin_int_list.inc.php. | ||||
| CVE-2019-14785 | 1 Codepeople | 1 Cp Contact Form With Paypal | 2024-11-21 | N/A |
| The "CP Contact Form with PayPal" plugin before 1.2.99 for WordPress has XSS in the publishing wizard via the wp-admin/admin.php?page=cp_contact_form_paypal.php&pwizard=1 cp_contactformpp_id parameter. | ||||
| CVE-2019-14784 | 1 Codepeople | 1 Cp Contact Form With Paypal | 2024-11-21 | N/A |
| The "CP Contact Form with PayPal" plugin before 1.2.98 for WordPress has XSS in CSS edition. | ||||
Page 1 of 1.