Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
codepeople vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2022-43482
Missing Authorization vulnerability in Appointment Booking Calendar plugin <= 1.3.69 on WordPress.
Codepeople Appointment Booking Calendar
5.4
CVSSv3
CVE-2023-51517
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in CodePeople Calculated Fields Form.This issue affects Calculated Fields Form: from n/a up to and including 1.2.28.
Codepeople Calculated Fields Form
4.8
CVSSv3
CVE-2022-2567
The Form Builder CP WordPress plugin prior to 1.2.32 does not sanitise and escape some of its form settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in ...
Codepeople Form Builder Cp
1 Github repository
9.8
CVSSv3
CVE-2015-10099
A vulnerability classified as critical has been found in CP Appointment Calendar Plugin up to 1.1.5 on WordPress. This affects the function dex_process_ready_to_go_appointment of the file dex_appointments.php. The manipulation of the argument itemnumber leads to sql injection. It...
Codepeople Cp Appointment Calendar
6.1
CVSSv3
CVE-2018-20963
The contact-form-to-email plugin prior to 1.2.66 for WordPress has XSS.
Codepeople Contact Form Email
8.8
CVSSv3
CVE-2018-20964
The contact-form-to-email plugin prior to 1.2.66 for WordPress has CSRF.
Codepeople Contact Form Email
9.8
CVSSv3
CVE-2014-125091
A vulnerability has been found in codepeople cp-polls Plugin 1.0.1 on WordPress and classified as critical. This vulnerability affects unknown code of the file cp-admin-int-message-list.inc.php. The manipulation of the argument lu leads to sql injection. The attack can be initiat...
Codepeople Polls Cp 1.0.1
4.8
CVSSv3
CVE-2023-5955
The Contact Form Email WordPress plugin prior to 1.3.44 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in mu...
Codepeople Contact Form Email
NA
CVE-2015-7319
SQL injection vulnerability in cpabc_appointments_admin_int_calendar_list.inc.php in the Appointment Booking Calendar plugin prior to 1.1.8 for WordPress allows remote malicious users to execute arbitrary SQL commands via unspecified vectors related to updating the username.
Codepeople Appointment Booking Calendar
NA
CVE-2015-7320
Multiple cross-site scripting (XSS) vulnerabilities in cpabc_appointments_admin_int_bookings_list.inc.php in the Appointment Booking Calendar plugin prior to 1.1.8 for WordPress allow remote malicious users to inject arbitrary web script or HTML via unspecified vectors.
Codepeople Appointment Booking Calendar
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-40673
CVE-2024-36674
CVE-2024-27348
unspecified
CVE-2024-24919
CVE-2024-4870
malicious code
CVE-2024-2019
hard-coded
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »