cleantalk
Vulnerabilities and Security Researches

CP Contact Form with PayPal, CVE-2026-32433

CVE, Research URL

CVE-2026-32433

Home page URL

Security reports for CP Contact Form with PayPal

Application

CP Contact Form with PayPal

Published on
Mar 14, 2026
Research Description
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in codepeople CP Contact Form with Paypal cp-contact-form-with-paypal allows Blind SQL Injection.This issue affects CP Contact Form with Paypal: from n/a through <= 1.3.61.
Affected versions
max 1.3.61.
Status
vulnerable
Previous vulnerability researches
Checkout Upsell &#8211; WooCommerce Upsell, Cross Sell, Order Bumps, One Click Upsell, Frequently Bought Together, Next Order C (CVE-2026-25419) , Feb 27, 2026
Checkout Upsell &#8211; WooCommerce Upsell, Cross Sell, Order Bumps, One Click Upsell, Frequently Bought Together, Next Order C (CVE-2026-32459) , Mar 30, 2026
New vulnerability
RegistrationMagic &#8211; Custom Registration Forms, User Registration, Payment, and User Login (CVE-2026-24373) , Mar 30, 2026
RegistrationMagic &#8211; Custom Registration Forms, User Registration, Payment, and User Login (CVE-2026-32385) , Mar 30, 2026
RegistrationMagic &#8211; Custom Registration Forms, User Registration, Payment, and User Login (CVE-2026-32498) , Mar 30, 2026
Gallery Block (Meow Gallery) (CVE-2026-32418) , Mar 30, 2026
Master Addons for Elementor (CVE-2026-32462) , Mar 30, 2026