Sign in Subscribe

← All vendors

Vendor

Codepeople

Sign in to watch

Products

6

CVEs

13

Across products

13

Status

Private

Products

6

Recent CVEs

13

CVE	Sev	Risk	CVSS	EPSS	KEV	Published	Description
CVE-2015-9233	Hig	0.57	8.8	0.00		Sep 30, 2017	The cp-contact-form-with-paypal (aka CP Contact Form with PayPal) plugin before 1.1.6 for WordPress has CSRF with resultant XSS, related to cp_contactformpp.php and cp_contactformpp_admin_int_list.inc.php.
CVE-2025-46241	Hig	0.53	8.2	0.00		Apr 22, 2025	Cross-Site Request Forgery (CSRF) vulnerability in codepeople Appointment Booking Calendar appointment-booking-calendar allows SQL Injection.This issue affects Appointment Booking Calendar: from n/a through <= 1.3.92.
CVE-2024-2020	Hig	0.47	7.2	0.02		Mar 13, 2024	The Calculated Fields Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the form page href parameter in all versions up to, and including, 5.1.56 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Exploitation requires the professional version or higher.
CVE-2024-29759	Hig	0.46	7.1	0.00		Mar 27, 2024	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CodePeople Calculated Fields Form allows Reflected XSS.This issue affects Calculated Fields Form: from n/a through 1.2.54.
CVE-2024-0963	Med	0.42	6.4	0.00		Feb 2, 2024	The Calculated Fields Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's CP_CALCULATED_FIELDS shortcode in all versions up to, and including, 1.2.52 due to insufficient input sanitization and output escaping on user supplied 'location' attribute. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
CVE-2025-24727	Med	0.38	5.9	0.00		Jan 24, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in codepeople Contact Form Email contact-form-to-email allows Stored XSS.This issue affects Contact Form Email: from n/a through <= 1.3.52.
CVE-2025-46247	Med	0.34	5.3	0.00		Apr 22, 2025	Missing Authorization vulnerability in codepeople Appointment Booking Calendar appointment-booking-calendar allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Appointment Booking Calendar: from n/a through <= 1.3.92.
CVE-2024-31302	Med	0.34	5.3	0.00		Apr 10, 2024	Exposure of Sensitive Information to an Unauthorized Actor vulnerability in CodePeople Contact Form Email.This issue affects Contact Form Email: from n/a through 1.3.44.
CVE-2023-23895	Med	0.31	4.7	0.00		Dec 9, 2024	Missing Authorization vulnerability in CodePeople WP Time Slots Booking Form allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Time Slots Booking Form: from n/a through 1.1.82.
CVE-2025-49291	Med	0.28	4.3	0.00		Jun 6, 2025	Cross-Site Request Forgery (CSRF) vulnerability in codepeople Calculated Fields Form calculated-fields-form allows Cross Site Request Forgery.This issue affects Calculated Fields Form: from n/a through <= 5.3.58.
CVE-2023-25039	Med	0.28	4.3	0.00		Mar 25, 2024	Missing Authorization vulnerability in CodePeople Google Maps CP.This issue affects Google Maps CP: from n/a through 1.0.43.
CVE-2022-41790	Med	0.28	4.3	0.00		Jan 17, 2024	Missing Authorization vulnerability in CodePeople WP Time Slots Booking Form.This issue affects WP Time Slots Booking Form: from n/a through 1.1.76.
CVE-2023-51517	Med	0.27	4.1	0.00		Dec 29, 2023	URL Redirection to Untrusted Site ('Open Redirect') vulnerability in CodePeople Calculated Fields Form.This issue affects Calculated Fields Form: from n/a through 1.2.28.