本ページは codepeople contact_form_email に影響する公開済み CVE(NVD の CPE 経由で関連付け)を列挙します。各行に深刻度指標・概要・公開日が含まれます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2025-24727 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in codepeople Contact Form Email contact-form-to-email allows Stored XSS.This issue affects Contact Form Email: from n/a through <= 1.3.52. | [email protected] | 5.9 | 0.29% | 2025-01-24 | 2026-06-17 |
| CVE-2023-48318 | Improper Restriction of Excessive Authentication Attempts vulnerability in CodePeople Contact Form Email allows Functionality Bypass.This issue affects Contact Form Email: from n/a through 1.3.41. | [email protected] | 5.3 | 0.31% | 2024-06-04 | 2026-06-17 |
| CVE-2023-28494 | Missing Authorization vulnerability in CodePeople Contact Form Email allows Functionality Misuse.This issue affects Contact Form Email: from n/a through 1.3.31. | [email protected] | 4.3 | 0.31% | 2024-06-04 | 2026-06-17 |
| CVE-2024-31302 | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in CodePeople Contact Form Email.This issue affects Contact Form Email: from n/a through 1.3.44. | [email protected] | 5.3 | 0.47% | 2024-04-10 | 2026-06-17 |
| CVE-2023-5955 | The Contact Form Email WordPress plugin before 1.3.44 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | [email protected] | 4.8 | 0.46% | 2023-12-11 | 2026-06-17 |
| CVE-2023-2718 | The Contact Form Email WordPress plugin before 1.3.38 does not escape submitted values before displaying them in the HTML, leading to a Stored XSS vulnerability. | [email protected] | 5.4 | 0.48% | 2023-06-12 | 2026-06-17 |
| CVE-2021-42361 | The Contact Form Email WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and escaping via the name parameter found in the ~/trunk/cp-admin-int-list.inc.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 1.3.24. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled. | [email protected] | 4.8 | 0.60% | 2021-11-17 | 2026-06-17 |
| CVE-2018-20964 | The contact-form-to-email plugin before 1.2.66 for WordPress has CSRF. | [email protected] | 8.8 | 0.68% | 2019-08-13 | 2026-06-16 |
| CVE-2018-20963 | The contact-form-to-email plugin before 1.2.66 for WordPress has XSS. | [email protected] | 6.1 | 0.92% | 2019-08-13 | 2026-06-16 |
| CVE-2019-9646 | The Contact Form Email plugin before 1.2.66 for WordPress allows wp-admin/admin.php item XSS, related to cp_admin_int_edition.inc.php in the "custom edition area." | [email protected] | 6.1 | 1.39% | 2019-03-10 | 2026-06-16 |