What the vulnerability does
Description
Missing Authorization vulnerability in CodePeople, paypaldev CP Contact Form with Paypal allows Functionality Misuse. This issue affects CP Contact Form with Paypal: from n/a through 1.3.34.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Explanation of Vulnerability in Simple Terms
CP Contact Form with Paypal versions up to 1.3.34 lack proper authorization checks, allowing authenticated users to modify form data they should not have access to. An attacker with a low-privilege account can alter contact form submissions or settings. The vulnerability requires login credentials but does not require user interaction beyond normal site access.
What an attacker can do
Modify contact form data or settings that belong to other users or forms.
Potential impact on your site
Authenticated users can tamper with contact forms and submissions, potentially disrupting form functionality or exposing/altering user data.
Conditions required to exploit
Attacker must have a low-privilege account on the site; no special user interaction required.