Missing Authorization in Contact Form Email Plugin by CodePeople
CVE-2025-64369

Currently unrated

Key Information:

Vendor

WordPress
Status
Contact Form Email
Vendor
CVE Published:
13 November 2025

What is CVE-2025-64369?

The Contact Form Email plugin by CodePeople is affected by a missing authorization vulnerability that allows attackers to exploit improperly configured access control security levels. This issue can lead to unauthorized actions being performed, risking user data and the integrity of communications through the contact form functionality. The vulnerability impacts versions of the plugin from n/a up to and including 1.3.58, necessitating immediate attention and updates to secure affected installations.

Affected Version(s)

Contact Form Email <= n/a

References

https://vdp.patchstack.com/database/Wordpress/Plugin/cont...
vdb-entry

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

daroo | Patchstack Bug Bounty Program
JSON
.
CVE-2025-64369 : Missing Authorization in Contact Form Email Plugin by CodePeople