Vulnerabilities and security researches forcontact-us-page-contact-people contact-us-page-contact-people

Jun 07, 2024

CVE, Research URL: CVE-2023-23973
Home page URL: Security reports for Contact Us Page – Contact People
Application: Contact Us Page – Contact People
Date: Mar 01, 2023
Research Description: Cross-Site Request Forgery (CSRF) vulnerability in a3rev Software Contact Us Page – Contact People plugin <= 3.7.0.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: d1b0f784da3ca0f399c542515fda1423816819f0
Home page URL: Security reports for Contact Us Page – Contact People
Application: Contact Us Page – Contact People
Date: Nov 02, 2022
Research Description: Contact Us Page – Contact People [contact-us-page-contact-people] < 3.6.2 a3 Lazy Load <= 2.6.0 - Cross-Site Request Forgery to Settings Reset The following plugins for WordPress are vulnerable to Cross-Site Request Forgery: a3 Lazy Load (<= 2.6.0), Contact Us Page – Contact People (<= 3.6.1), a3 Portfolio (<= 3.0.1), Dynamic Product Gallery for WooCommerce (3.0.1), a3 Responsive Slider (<= 2.2.0), Compare Products for WooCommerce (<= 2.8.2), Products Quick View for WooCommerce (<= 2.0.1), Product Sort and Display for WooCommerce (<= 2.2.2), Product Widget Slider for WooCommerce (), WP Email Template (<= 2.6.2). This is due to missing nonce validation on the reset_settings() function. This makes it possible for unauthenticated attackers to reset the plugin's settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Affected versions: Min -, max -.
Status: vulnerable

Jun 15, 2025

CVE, Research URL: CVE-2025-5123
Home page URL: Security reports for Contact Us Page – Contact People
Application: Contact Us Page – Contact People
Date: Jun 13, 2025
Research Description: The Contact Us Page – Contact People plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘style’ parameter in all versions up to, and including, 3.7.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions: Min -, max -.
Status: vulnerable

Jul 07, 2025

CVE, Research URL: CVE-2025-28967
Home page URL: Security reports for Contact Us Page – Contact People
Application: Contact Us Page – Contact People
Date: Jul 04, 2025
Research Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Steve Truman Contact Us page - Contact people LITE allows SQL Injection. This issue affects Contact Us page - Contact people LITE: from n/a through 3.7.4.
Affected versions: Min -, max -.
Status: vulnerable