๐Ÿ” CVE Alert

CVE-2025-10019

MEDIUM 6.5

WordPress Contact Form Email plugin <= 1.3.60 - Insecure Direct Object References (IDOR) vulnerability

CVSS Score
6.5
EPSS Score
0.0%
EPSS Percentile
0th

Authorization Bypass Through User-Controlled Key vulnerability in codepeople Contact Form Email contact-form-to-email allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Contact Form Email: from n/a through <= 1.3.60.

CWE CWE-639
Vendor codepeople
Product contact form email
Published Dec 18, 2025
Last Updated Apr 1, 2026
Stay Ahead of the Next One

Get instant alerts for codepeople contact form email

Be the first to know when new medium vulnerabilities affecting codepeople contact form email are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

Affected Versions

codepeople / Contact Form Email
0 โ‰ค 1.3.60

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
patchstack.com: https://patchstack.com/database/Wordpress/Plugin/contact-form-to-email/vulnerability/wordpress-contact-form-email-plugin-1-3-59-insecure-direct-object-references-idor-vulnerability?_s_id=cve

Credits

Rooting | Patchstack Bug Bounty Program