Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
codepeople vulnerabilities and exploits
(subscribe to this query)
3.5
CVSSv2
CVE-2020-9371
Stored XSS exists in the Appointment Booking Calendar plugin prior to 1.3.35 for WordPress. In the cpabc_appointments.php file, the Calendar Name input could allow malicious users to inject arbitrary JavaScript or HTML.
Codepeople Appointment Booking Calendar
1 EDB exploit
6.8
CVSSv2
CVE-2020-9372
The Appointment Booking Calendar plugin prior to 1.3.35 for WordPress allows user input (in fields such as Description or Name) in any booking form to be any formula, which then could be exported via the Bookings list tab in /wp-admin/admin.php?page=cpabc_appointments.php. The at...
Codepeople Appointment Booking Calendar
1 EDB exploit
7.5
CVSSv2
CVE-2015-7319
SQL injection vulnerability in cpabc_appointments_admin_int_calendar_list.inc.php in the Appointment Booking Calendar plugin prior to 1.1.8 for WordPress allows remote malicious users to execute arbitrary SQL commands via unspecified vectors related to updating the username.
Codepeople Appointment Booking Calendar
4.3
CVSSv2
CVE-2015-7320
Multiple cross-site scripting (XSS) vulnerabilities in cpabc_appointments_admin_int_bookings_list.inc.php in the Appointment Booking Calendar plugin prior to 1.1.8 for WordPress allow remote malicious users to inject arbitrary web script or HTML via unspecified vectors.
Codepeople Appointment Booking Calendar
2.1
CVSSv2
CVE-2021-42361
The Contact Form Email WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and escaping via the name parameter found in the ~/trunk/cp-admin-int-list.inc.php file which allowed attackers with administrative user access to inject arbi...
Codepeople Contact Form Email
4.3
CVSSv2
CVE-2018-20963
The contact-form-to-email plugin prior to 1.2.66 for WordPress has XSS.
Codepeople Contact Form Email
6.8
CVSSv2
CVE-2018-20964
The contact-form-to-email plugin prior to 1.2.66 for WordPress has CSRF.
Codepeople Contact Form Email
3.5
CVSSv2
CVE-2020-7228
The Calculated Fields Form plugin up to and including 1.0.353 for WordPress suffers from multiple Stored XSS vulnerabilities present in the input forms. These can be exploited by an authenticated user.
Codepeople Calculated Fields Form
7.5
CVSSv2
CVE-2016-10916
The appointment-booking-calendar plugin prior to 1.1.24 for WordPress has SQL injection, a different vulnerability than CVE-2015-7319.
Codepeople Appointment Booking Calendar
NA
CVE-2022-43482
Missing Authorization vulnerability in Appointment Booking Calendar plugin <= 1.3.69 on WordPress.
Codepeople Appointment Booking Calendar
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4367
CVE-2024-3611
CVE-2024-4947
CVE-2024-32988
CVE-2020-35165
local file inclusion
CVE-2024-4980
bypass
malicious code
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
NEXT »