CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2019-14785 – CP Contact Form with PayPal <= 1.3.01 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2019-14785
The "CP Contact Form with PayPal" plugin before 1.2.99 for WordPress has XSS in the publishing wizard via the wp-admin/admin.php?page=cp_contact_form_paypal.php&pwizard=1 cp_contactformpp_id parameter. El plugin "CP Contact Form with PayPal" anterior a versión 1.2.99 para WordPress, presenta una vulnerabilidad de tipo XSS en el asistente de publicación por medio del parámetro cp_contactformpp_id de wp-admin/admin.php?page=cp_contact_form_paypal.php&pwizard=1. • https://wordpress.org/plugins/cp-contact-form-with-paypal/#developers https://www.pluginvulnerabilities.com/2019/06/24/reflected-cross-site-scripting-xss-vulnerability-in-cp-contact-form-with-paypal • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2019-14784 – CP Contact Form with PayPal <= 1.3.01 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2019-14784
The "CP Contact Form with PayPal" plugin before 1.2.98 for WordPress has XSS in CSS edition. El plugin "CP Contact Form with PayPal" versiones anteriores a 1.2.98 para WordPress, presenta una vulnerabilidad de tipo XSS en la edición de CSS. The "CP Contact Form with PayPal" plugin before 1.3.02 for WordPress has XSS in CSS edition. • https://wordpress.org/plugins/cp-contact-form-with-paypal/#developers • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2015-9233 – CP Contact Form with PayPal < 1.1.6 - Cross-Site Request Forgery
https://notcve.org/view.php?id=CVE-2015-9233
The cp-contact-form-with-paypal (aka CP Contact Form with PayPal) plugin before 1.1.6 for WordPress has CSRF with resultant XSS, related to cp_contactformpp.php and cp_contactformpp_admin_int_list.inc.php. Las versiones anteriores a la 1.1.6 del plugin cp-contact-form-with-paypal (también llamado CP Contact Form with PayPal) para WordPress tienen Cross-Site Request Forgery (CSRF) con Cross-Site Scripting (XSS) resultante. Esto está relacionado con cp_contactformpp.php y cp_contactformpp_admin_int_list.inc.php. • http://seclists.org/fulldisclosure/2015/Jul/49 http://seclists.org/oss-sec/2015/q3/88 https://wordpress.org/plugins/cp-contact-form-with-paypal/#developers • CWE-352: Cross-Site Request Forgery (CSRF) •