This vulnerability in codepeople CP Contact Form with Paypal (versions ≤ 1.3.61) involves improper neutralization of special elements in SQL commands, enabling blind SQL injection attacks. The CVSS 3.1 score is 8.5, indicating high severity with network attack vector, low attack complexity, requiring low privileges and no user interaction. The impact is a complete confidentiality breach with limited availability impact. No patch or vendor advisory is currently available to confirm remediation status.

Successful exploitation could allow an attacker with low privileges to extract sensitive data from the backend database without direct visibility (blind SQL injection). The confidentiality impact is high, meaning sensitive information could be disclosed. Integrity is not impacted, and availability impact is low. No known exploits have been reported in the wild at this time.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until a fix is available, restrict access to the vulnerable plugin and consider disabling it if possible. Monitor official vendor channels for updates and patches addressing this vulnerability.