ThreatPress

WordPress Vulnerabilities Database

Back

WordPress CP Contact Form with Paypal Plugin 1.1.5 - Multiple Vulnerabilities

Product
CP Contact Form with Paypal
Description
There are multiple vulnerabilities in this plugin, such as CSRF, XSS and SQL injection. These vulnerabilities allow an attacker to add or delete forms, export CSV files of the messages and modify settings of the form.
Solution
Upgrade to version 1.1.6.
Classification
Type Multi
References
Exploit-DB
CVE
Name CVE-N/A
Versions
Affected In <= 1.1.5
Fixed In 1.1.6
Disclosure date
2015-07-13
Credits
Nitin Venkatesh