VYPR
Vendor

Codepeople

Products
13
CVEs
56
Across products
56
Status
Private

Products

13

Recent CVEs

56
View all 56 CVEs →
  • CVE-2022-3427HigDec 15, 2022
    risk 0.57cvss 8.8epss 0.01

    The Corner Ad plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.56. This is due to missing or incorrect nonce validation on its corner_ad_settings_page function. This makes it possible for unauthenticated attackers to trigger…

  • CVE-2015-9233HigSep 30, 2017
    risk 0.57cvss 8.8epss 0.01

    The cp-contact-form-with-paypal (aka CP Contact Form with PayPal) plugin before 1.1.6 for WordPress has CSRF with resultant XSS, related to cp_contactformpp.php and cp_contactformpp_admin_int_list.inc.php.

  • CVE-2026-32433HigMar 13, 2026
    risk 0.55cvss 8.5epss 0.00

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in codepeople CP Contact Form with Paypal cp-contact-form-with-paypal allows Blind SQL Injection.This issue affects CP Contact Form with Paypal: from n/a through <= 1.3.61.

  • CVE-2025-46241HigApr 22, 2025
    risk 0.53cvss 8.2epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in codepeople Appointment Booking Calendar appointment-booking-calendar allows SQL Injection.This issue affects Appointment Booking Calendar: from n/a through <= 1.3.92.

  • CVE-2024-2020HigMar 13, 2024
    risk 0.47cvss 7.2epss 0.01

    The Calculated Fields Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the form page href parameter in all versions up to, and including, 5.1.56 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated…

  • CVE-2022-4035HigNov 29, 2022
    risk 0.47cvss 7.2epss 0.01

    The Appointment Hour Booking plugin for WordPress is vulnerable to iFrame Injection via the ‘email’ or general field parameters in versions up to, and including, 1.3.72 due to insufficient input sanitization and output escaping that makes injecting iFrame tags possible. This…

  • CVE-2015-9234HigSep 30, 2017
    risk 0.47cvss 7.2epss 0.02

    The cp-contact-form-with-paypal (aka CP Contact Form with PayPal) plugin before 1.1.6 for WordPress has SQL injection via the cp_contactformpp_id parameter to cp_contactformpp.php.

  • CVE-2024-29759HigMar 27, 2024
    risk 0.46cvss 7.1epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CodePeople Calculated Fields Form allows Reflected XSS.This issue affects Calculated Fields Form: from n/a through 1.2.54.

  • CVE-2026-32483MedMar 25, 2026
    risk 0.42cvss 6.5epss 0.00

    Missing Authorization vulnerability in codepeople Contact Form Email contact-form-to-email allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Contact Form Email: from n/a through <= 1.3.63.

  • CVE-2026-3986MedMar 13, 2026
    risk 0.42cvss 6.4epss 0.00

    The Calculated Fields Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the form settings in all versions up to, and including, 5.4.5.0. This is due to insufficient capability checks on the form settings save handler and insufficient input sanitization…

  • CVE-2025-68569MedDec 24, 2025
    risk 0.42cvss 6.5epss 0.00

    Missing Authorization vulnerability in codepeople WP Time Slots Booking Form wp-time-slots-booking-form allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Time Slots Booking Form: from n/a through <= 1.2.39.

  • CVE-2025-10019MedDec 18, 2025
    risk 0.42cvss 6.5epss 0.00

    Authorization Bypass Through User-Controlled Key vulnerability in codepeople Contact Form Email contact-form-to-email allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Contact Form Email: from n/a through <= 1.3.60.

  • CVE-2025-64369MedNov 13, 2025
    risk 0.42cvss 6.5epss 0.00

    Missing Authorization vulnerability in codepeople Contact Form Email contact-form-to-email allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Contact Form Email: from n/a through <= 1.3.58.

  • CVE-2025-39562MedApr 17, 2025
    risk 0.38cvss 5.9epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in codepeople Payment Form for PayPal Pro payment-form-for-paypal-pro allows Stored XSS.This issue affects Payment Form for PayPal Pro: from n/a through <= 1.1.72.

  • CVE-2025-24727MedJan 24, 2025
    risk 0.38cvss 5.9epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in codepeople Contact Form Email contact-form-to-email allows Stored XSS.This issue affects Contact Form Email: from n/a through <= 1.3.52.

  • CVE-2022-4034MedNov 29, 2022
    risk 0.38cvss 5.8epss 0.01

    The Appointment Hour Booking Plugin for WordPress is vulnerable to CSV Injection in versions up to, and including, 1.3.72. This makes it possible for unauthenticated attackers to embed untrusted input into content during booking creation that may be exported as a CSV file when a…

  • CVE-2025-64261MedNov 13, 2025
    risk 0.35cvss 5.4epss 0.00

    Missing Authorization vulnerability in codepeople Appointment Booking Calendar appointment-booking-calendar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Appointment Booking Calendar: from n/a through <= 1.3.95.

  • CVE-2025-47472MedMay 7, 2025
    risk 0.35cvss 5.4epss 0.00

    Missing Authorization vulnerability in codepeople Music Player for WooCommerce music-player-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Music Player for WooCommerce: from n/a through <= 1.5.1.

  • CVE-2024-0963MedFeb 2, 2024
    risk 0.35cvss 6.4epss 0.00

    The Calculated Fields Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's CP_CALCULATED_FIELDS shortcode in all versions up to, and including, 1.2.52 due to insufficient input sanitization and output escaping on user supplied 'location'…

  • CVE-2026-32432MedMar 13, 2026
    risk 0.34cvss 5.3epss 0.00

    Missing Authorization vulnerability in codepeople WP Time Slots Booking Form wp-time-slots-booking-form allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Time Slots Booking Form: from n/a through <= 1.2.42.