Missing Authorization in Contact Form Email Plugin by CodePeople
CVE-2025-64369

6.5MEDIUM

Key Information:

Vendor: WordPress
Status: Contact Form Email
Vendor: CVE Published:; 13 November 2025

What is CVE-2025-64369?

The Contact Form Email plugin by CodePeople is affected by a missing authorization vulnerability that allows attackers to exploit improperly configured access control security levels. This issue can lead to unauthorized actions being performed, risking user data and the integrity of communications through the contact form functionality. The vulnerability impacts versions of the plugin from n/a up to and including 1.3.58, necessitating immediate attention and updates to secure affected installations.

Affected Version(s)

Contact Form Email <= n/a

References

https://vdp.patchstack.com/database/Wordpress/Plugin/cont...

vdb-entry

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 13, 2025
Vulnerability Reserved
Oct 31, 2025

Credit

daroo | Patchstack Bug Bounty Program

JSON