Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
codepeople vulnerabilities and exploits
(subscribe to this query)
685
VMScore
CVE-2020-9372
The Appointment Booking Calendar plugin prior to 1.3.35 for WordPress allows user input (in fields such as Description or Name) in any booking form to be any formula, which then could be exported via the Bookings list tab in /wp-admin/admin.php?page=cpabc_appointments.php. The at...
Codepeople Appointment Booking Calendar
1 EDB exploit
668
VMScore
CVE-2022-1692
The CP Image Store with Slideshow WordPress plugin prior to 1.0.68 does not sanitise and escape the ordering_by query parameter before using it in a SQL statement in pages where the [codepeople-image-store] is embed, allowing unauthenticated users to perform an SQL injection atta...
Dwbooster Cp Image Store With Slideshow
668
VMScore
CVE-2020-14092
The CodePeople Payment Form for PayPal Pro plugin prior to 1.1.65 for WordPress allows SQL Injection.
Ithemes Paypal Pro
668
VMScore
CVE-2016-10916
The appointment-booking-calendar plugin prior to 1.1.24 for WordPress has SQL injection, a different vulnerability than CVE-2015-7319.
Codepeople Appointment Booking Calendar
668
VMScore
CVE-2016-10909
The booking-calendar-contact-form plugin prior to 1.0.24 for WordPress has SQL injection.
Codepeople Booking Calendar Contact Form
668
VMScore
CVE-2015-7319
SQL injection vulnerability in cpabc_appointments_admin_int_calendar_list.inc.php in the Appointment Booking Calendar plugin prior to 1.1.8 for WordPress allows remote malicious users to execute arbitrary SQL commands via unspecified vectors related to updating the username.
Codepeople Appointment Booking Calendar
605
VMScore
CVE-2018-20964
The contact-form-to-email plugin prior to 1.2.66 for WordPress has CSRF.
Codepeople Contact Form Email
605
VMScore
CVE-2015-9233
The cp-contact-form-with-paypal (aka CP Contact Form with PayPal) plugin prior to 1.1.6 for WordPress has CSRF with resultant XSS, related to cp_contactformpp.php and cp_contactformpp_admin_int_list.inc.php.
Codepeople Cp Contact Form With Paypal
445
VMScore
CVE-2015-9348
The sell-downloads plugin prior to 1.0.8 for WordPress has insufficient restrictions on brute-force guessing of purchase IDs.
Codepeople Sell Downloads
383
VMScore
CVE-2016-10992
The music-store plugin prior to 1.0.43 for WordPress has XSS via the wp-admin/admin.php?page=music-store-menu-reports from_year parameter.
Codepeople Music Store
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
path traversal
CVE-2024-33545
CVE-2024-35725
CVE-2024-32704
overflow
file upload
CVE-2024-0230
CVE-2024-32705
CVE-2024-23692
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »