Filtered by vendor Codepeople
Subscriptions
Total
56 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-9371 | 1 Codepeople | 1 Appointment Booking Calendar | 2024-11-21 | 4.8 Medium |
| Stored XSS exists in the Appointment Booking Calendar plugin before 1.3.35 for WordPress. In the cpabc_appointments.php file, the Calendar Name input could allow attackers to inject arbitrary JavaScript or HTML. | ||||
| CVE-2020-7228 | 1 Codepeople | 1 Calculated Fields Form | 2024-11-21 | 5.4 Medium |
| The Calculated Fields Form plugin through 1.0.353 for WordPress suffers from multiple Stored XSS vulnerabilities present in the input forms. These can be exploited by an authenticated user. | ||||
| CVE-2019-9646 | 1 Codepeople | 1 Contact Form Email | 2024-11-21 | N/A |
| The Contact Form Email plugin before 1.2.66 for WordPress allows wp-admin/admin.php item XSS, related to cp_admin_int_edition.inc.php in the "custom edition area." | ||||
| CVE-2019-14791 | 1 Codepeople | 1 Appointment Booking Calendar | 2024-11-21 | N/A |
| The Appointment Booking Calendar plugin 1.3.18 for WordPress allows XSS via the wp-admin/admin-post.php editionarea parameter. | ||||
| CVE-2019-14785 | 1 Codepeople | 1 Cp Contact Form With Paypal | 2024-11-21 | N/A |
| The "CP Contact Form with PayPal" plugin before 1.2.99 for WordPress has XSS in the publishing wizard via the wp-admin/admin.php?page=cp_contact_form_paypal.php&pwizard=1 cp_contactformpp_id parameter. | ||||
| CVE-2019-14784 | 1 Codepeople | 1 Cp Contact Form With Paypal | 2024-11-21 | N/A |
| The "CP Contact Form with PayPal" plugin before 1.2.98 for WordPress has XSS in CSS edition. | ||||
| CVE-2018-20964 | 1 Codepeople | 1 Contact Form Email | 2024-11-21 | N/A |
| The contact-form-to-email plugin before 1.2.66 for WordPress has CSRF. | ||||
| CVE-2018-20963 | 1 Codepeople | 1 Contact Form Email | 2024-11-21 | N/A |
| The contact-form-to-email plugin before 1.2.66 for WordPress has XSS. | ||||
| CVE-2016-10992 | 1 Codepeople | 1 Music Store | 2024-11-21 | 6.1 Medium |
| The music-store plugin before 1.0.43 for WordPress has XSS via the wp-admin/admin.php?page=music-store-menu-reports from_year parameter. | ||||
| CVE-2016-10916 | 1 Codepeople | 1 Appointment Booking Calendar | 2024-11-21 | N/A |
| The appointment-booking-calendar plugin before 1.1.24 for WordPress has SQL injection, a different vulnerability than CVE-2015-7319. | ||||
| CVE-2016-10909 | 1 Codepeople | 1 Booking Calendar Contact Form | 2024-11-21 | N/A |
| The booking-calendar-contact-form plugin before 1.0.24 for WordPress has SQL injection. | ||||
| CVE-2016-10908 | 1 Codepeople | 1 Booking Calendar Contact Form | 2024-11-21 | N/A |
| The booking-calendar-contact-form plugin before 1.0.24 for WordPress has XSS. | ||||
| CVE-2015-9348 | 1 Codepeople | 1 Sell Downloads | 2024-11-21 | N/A |
| The sell-downloads plugin before 1.0.8 for WordPress has insufficient restrictions on brute-force guessing of purchase IDs. | ||||
| CVE-2015-9346 | 1 Codepeople | 1 Polls Cp | 2024-11-21 | N/A |
| The cp-polls plugin before 1.0.5 for WordPress has XSS. | ||||
| CVE-2015-10099 | 1 Codepeople | 1 Cp Appointment Calendar | 2024-11-21 | 6.3 Medium |
| A vulnerability classified as critical has been found in CP Appointment Calendar Plugin up to 1.1.5 on WordPress. This affects the function dex_process_ready_to_go_appointment of the file dex_appointments.php. The manipulation of the argument itemnumber leads to sql injection. It is possible to initiate the attack remotely. The patch is named e29a9cdbcb0f37d887dd302a05b9e8bf213da01d. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-225351. | ||||
| CVE-2014-10395 | 1 Codepeople | 1 Polls Cp | 2024-11-21 | N/A |
| The cp-polls plugin before 1.0.1 for WordPress has XSS in the votes list. | ||||