Christian Mondragon

**Name of the Vulnerable Software and Affected Versions** CP Contact Form with PayPal version 1.2.97 and earlier **Description** The issue concerns a Cross-Site Scripting (XSS) flaw in the CSS edition of the plugin. **Recommendations** For versions 1.2.97 and earlier, update to version 1.2.98 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** cp-contact-form-with-paypal versions prior to 1.1.6 **Description** The issue is related to CSRF with resultant XSS. It is connected to the files cp contactformpp.php and cp contactformpp admin int list.inc.php. **Recommendations** For versions prior to 1.1.6, update to version 1.1.6 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** cp-contact-form-with-paypal versions prior to 1.1.6 **Description** The issue concerns SQL injection, which can be exploited through the `cp contactformpp id` parameter in the `cp contactformpp.php` file. **Recommendations** For versions prior to 1.1.6, update to version 1.1.6 or later to resolve the issue.