Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
codepeople vulnerabilities and exploits
(subscribe to this query)
4.8
CVSSv3
CVE-2020-9371
Stored XSS exists in the Appointment Booking Calendar plugin prior to 1.3.35 for WordPress. In the cpabc_appointments.php file, the Calendar Name input could allow malicious users to inject arbitrary JavaScript or HTML.
Codepeople Appointment Booking Calendar
1 EDB exploit
9.8
CVSSv3
CVE-2015-10099
A vulnerability classified as critical has been found in CP Appointment Calendar Plugin up to 1.1.5 on WordPress. This affects the function dex_process_ready_to_go_appointment of the file dex_appointments.php. The manipulation of the argument itemnumber leads to sql injection. It...
Codepeople Cp Appointment Calendar
5.3
CVSSv3
CVE-2024-31302
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in CodePeople Contact Form Email.This issue affects Contact Form Email: from n/a up to and including 1.3.44.
Codepeople Contact Form Email
4.8
CVSSv3
CVE-2023-5955
The Contact Form Email WordPress plugin prior to 1.3.44 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in mu...
Codepeople Contact Form Email
8.8
CVSSv3
CVE-2022-43482
Missing Authorization vulnerability in Appointment Booking Calendar plugin <= 1.3.69 on WordPress.
Codepeople Appointment Booking Calendar
6.1
CVSSv3
CVE-2019-14791
The Appointment Booking Calendar plugin 1.3.18 for WordPress allows XSS via the wp-admin/admin-post.php editionarea parameter.
Codepeople Appointment Booking Calendar 1.3.18
6.1
CVSSv3
CVE-2016-10908
The booking-calendar-contact-form plugin prior to 1.0.24 for WordPress has XSS.
Codepeople Booking Calendar Contact Form
9.8
CVSSv3
CVE-2016-10909
The booking-calendar-contact-form plugin prior to 1.0.24 for WordPress has SQL injection.
Codepeople Booking Calendar Contact Form
8.8
CVSSv3
CVE-2022-41790
Missing Authorization vulnerability in CodePeople WP Time Slots Booking Form.This issue affects WP Time Slots Booking Form: from n/a up to and including 1.1.76.
Codepeople Wp Time Slots Booking Form
8.8
CVSSv3
CVE-2015-9233
The cp-contact-form-with-paypal (aka CP Contact Form with PayPal) plugin prior to 1.1.6 for WordPress has CSRF with resultant XSS, related to cp_contactformpp.php and cp_contactformpp_admin_int_list.inc.php.
Codepeople Cp Contact Form With Paypal
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4671
unauthorized
CVE-2024-4776
CVE-2024-3407
CVE-2024-26026
CVE-2024-32888
wireless
CVE-2024-4656
template injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
NEXT »