Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
codepeople vulnerabilities and exploits
(subscribe to this query)
2.1
CVSSv2
CVE-2021-42361
The Contact Form Email WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and escaping via the name parameter found in the ~/trunk/cp-admin-int-list.inc.php file which allowed attackers with administrative user access to inject arbi...
Codepeople Contact Form Email
NA
CVE-2023-0389
The Calculated Fields Form WordPress plugin prior to 1.1.151 does not sanitise and escape some of its form settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for exa...
Codepeople Calculated Fields Form
NA
CVE-2022-2567
The Form Builder CP WordPress plugin prior to 1.2.32 does not sanitise and escape some of its form settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in ...
Codepeople Form Builder Cp
1 Github repository
NA
CVE-2023-51517
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in CodePeople Calculated Fields Form.This issue affects Calculated Fields Form: from n/a up to and including 1.2.28.
Codepeople Calculated Fields Form
7.5
CVSSv2
CVE-2015-7319
SQL injection vulnerability in cpabc_appointments_admin_int_calendar_list.inc.php in the Appointment Booking Calendar plugin prior to 1.1.8 for WordPress allows remote malicious users to execute arbitrary SQL commands via unspecified vectors related to updating the username.
Codepeople Appointment Booking Calendar
4.3
CVSSv2
CVE-2019-14791
The Appointment Booking Calendar plugin 1.3.18 for WordPress allows XSS via the wp-admin/admin-post.php editionarea parameter.
Codepeople Appointment Booking Calendar 1.3.18
4.3
CVSSv2
CVE-2016-10908
The booking-calendar-contact-form plugin prior to 1.0.24 for WordPress has XSS.
Codepeople Booking Calendar Contact Form
7.5
CVSSv2
CVE-2016-10909
The booking-calendar-contact-form plugin prior to 1.0.24 for WordPress has SQL injection.
Codepeople Booking Calendar Contact Form
4.3
CVSSv2
CVE-2019-14784
The "CP Contact Form with PayPal" plugin prior to 1.2.98 for WordPress has XSS in CSS edition.
Codepeople Cp Contact Form With Paypal
3.5
CVSSv2
CVE-2019-14785
The "CP Contact Form with PayPal" plugin prior to 1.2.99 for WordPress has XSS in the publishing wizard via the wp-admin/admin.php?page=cp_contact_form_paypal.php&pwizard=1 cp_contactformpp_id parameter.
Codepeople Cp Contact Form With Paypal
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
path traversal
CVE-2024-26978
CVE-2024-26982
wireless
CVE-2023-6949
CVE-2024-26980
CVE-2024-32766
CVE-2024-26939
cache poisoning
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
NEXT »