Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
codepeople vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2013-5953
Multiple cross-site scripting (XSS) vulnerabilities in tmpl/layout_editevent.php in the Multi Calendar (com_multicalendar) component 4.0.2, and possibly 4.8.5 and previous versions, for Joomla! allow remote malicious users to inject arbitrary web script or HTML via the (1) calid ...
Codepeople Com Multicalendar 4.0.2
Codepeople Com Multicalendar
4.3
CVSSv2
CVE-2014-10395
The cp-polls plugin prior to 1.0.1 for WordPress has XSS in the votes list.
Codepeople Polls Cp
4.3
CVSSv2
CVE-2015-9346
The cp-polls plugin prior to 1.0.5 for WordPress has XSS.
Codepeople Polls Cp
5
CVSSv2
CVE-2015-9348
The sell-downloads plugin prior to 1.0.8 for WordPress has insufficient restrictions on brute-force guessing of purchase IDs.
Codepeople Sell Downloads
4.3
CVSSv2
CVE-2016-10992
The music-store plugin prior to 1.0.43 for WordPress has XSS via the wp-admin/admin.php?page=music-store-menu-reports from_year parameter.
Codepeople Music Store
NA
CVE-2015-10099
A vulnerability classified as critical has been found in CP Appointment Calendar Plugin up to 1.1.5 on WordPress. This affects the function dex_process_ready_to_go_appointment of the file dex_appointments.php. The manipulation of the argument itemnumber leads to sql injection. It...
Codepeople Cp Appointment Calendar
NA
CVE-2022-43482
Missing Authorization vulnerability in Appointment Booking Calendar plugin <= 1.3.69 on WordPress.
Codepeople Appointment Booking Calendar
3.5
CVSSv2
CVE-2020-9371
Stored XSS exists in the Appointment Booking Calendar plugin prior to 1.3.35 for WordPress. In the cpabc_appointments.php file, the Calendar Name input could allow malicious users to inject arbitrary JavaScript or HTML.
Codepeople Appointment Booking Calendar
1 EDB exploit
6.8
CVSSv2
CVE-2020-9372
The Appointment Booking Calendar plugin prior to 1.3.35 for WordPress allows user input (in fields such as Description or Name) in any booking form to be any formula, which then could be exported via the Bookings list tab in /wp-admin/admin.php?page=cpabc_appointments.php. The at...
Codepeople Appointment Booking Calendar
1 EDB exploit
NA
CVE-2024-0963
The Calculated Fields Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's CP_CALCULATED_FIELDS shortcode in all versions up to, and including, 1.2.52 due to insufficient input sanitization and output escaping on user supplied 'locatio...
Codepeople Calculated Fields Form
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
injection
CVE-2024-30983
CVE-2023-4235
CVE-2024-21338
privilege
encryption
CVE-2023-4232
CVE-2024-31497
CVE-2024-32341
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »