Authorization Bypass Vulnerability in Codepeople Contact Form Email Plugin
CVE-2025-10019

6.5MEDIUM

Key Information:

Vendor

WordPress
Status
Contact Form Email
Vendor
CVE Published:
18 December 2025

What is CVE-2025-10019?

An authorization bypass vulnerability exists in the Codepeople Contact Form Email plugin which allows attackers to exploit incorrectly configured access control security levels. This could enable unauthorized access to sensitive information or functionalities within the plugin. The issue affects versions from n/a up to and including 1.3.60.

Affected Version(s)

Contact Form Email 0 <= 1.3.60

References

https://patchstack.com/database/Wordpress/Plugin/contact-...
vdb-entry

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Rooting | Patchstack Bug Bounty Program
.