Vendor CVEs
Codepeople
All CVEs
56 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-3427 | Hig | 0.57 | 8.8 | 0.01 | Dec 15, 2022 | The Corner Ad plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.56. This is due to missing or incorrect nonce validation on its corner_ad_settings_page function. This makes it possible for unauthenticated attackers to trigger… | ||
| CVE-2015-9233 | Hig | 0.57 | 8.8 | 0.01 | Sep 30, 2017 | The cp-contact-form-with-paypal (aka CP Contact Form with PayPal) plugin before 1.1.6 for WordPress has CSRF with resultant XSS, related to cp_contactformpp.php and cp_contactformpp_admin_int_list.inc.php. | ||
| CVE-2026-32433 | Hig | 0.55 | 8.5 | 0.00 | Mar 13, 2026 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in codepeople CP Contact Form with Paypal cp-contact-form-with-paypal allows Blind SQL Injection.This issue affects CP Contact Form with Paypal: from n/a through <= 1.3.61. | ||
| CVE-2025-46241 | Hig | 0.53 | 8.2 | 0.00 | Apr 22, 2025 | Cross-Site Request Forgery (CSRF) vulnerability in codepeople Appointment Booking Calendar appointment-booking-calendar allows SQL Injection.This issue affects Appointment Booking Calendar: from n/a through <= 1.3.92. | ||
| CVE-2024-2020 | Hig | 0.47 | 7.2 | 0.01 | Mar 13, 2024 | The Calculated Fields Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the form page href parameter in all versions up to, and including, 5.1.56 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated… | ||
| CVE-2022-4035 | Hig | 0.47 | 7.2 | 0.01 | Nov 29, 2022 | The Appointment Hour Booking plugin for WordPress is vulnerable to iFrame Injection via the ‘email’ or general field parameters in versions up to, and including, 1.3.72 due to insufficient input sanitization and output escaping that makes injecting iFrame tags possible. This… | ||
| CVE-2015-9234 | Hig | 0.47 | 7.2 | 0.02 | Sep 30, 2017 | The cp-contact-form-with-paypal (aka CP Contact Form with PayPal) plugin before 1.1.6 for WordPress has SQL injection via the cp_contactformpp_id parameter to cp_contactformpp.php. | ||
| CVE-2024-29759 | Hig | 0.46 | 7.1 | 0.00 | Mar 27, 2024 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CodePeople Calculated Fields Form allows Reflected XSS.This issue affects Calculated Fields Form: from n/a through 1.2.54. | ||
| CVE-2026-32483 | Med | 0.42 | 6.5 | 0.00 | Mar 25, 2026 | Missing Authorization vulnerability in codepeople Contact Form Email contact-form-to-email allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Contact Form Email: from n/a through <= 1.3.63. | ||
| CVE-2026-3986 | Med | 0.42 | 6.4 | 0.00 | Mar 13, 2026 | The Calculated Fields Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the form settings in all versions up to, and including, 5.4.5.0. This is due to insufficient capability checks on the form settings save handler and insufficient input sanitization… | ||
| CVE-2025-68569 | Med | 0.42 | 6.5 | 0.00 | Dec 24, 2025 | Missing Authorization vulnerability in codepeople WP Time Slots Booking Form wp-time-slots-booking-form allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Time Slots Booking Form: from n/a through <= 1.2.39. | ||
| CVE-2025-10019 | Med | 0.42 | 6.5 | 0.00 | Dec 18, 2025 | Authorization Bypass Through User-Controlled Key vulnerability in codepeople Contact Form Email contact-form-to-email allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Contact Form Email: from n/a through <= 1.3.60. | ||
| CVE-2025-64369 | Med | 0.42 | 6.5 | 0.00 | Nov 13, 2025 | Missing Authorization vulnerability in codepeople Contact Form Email contact-form-to-email allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Contact Form Email: from n/a through <= 1.3.58. | ||
| CVE-2025-39562 | Med | 0.38 | 5.9 | 0.00 | Apr 17, 2025 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in codepeople Payment Form for PayPal Pro payment-form-for-paypal-pro allows Stored XSS.This issue affects Payment Form for PayPal Pro: from n/a through <= 1.1.72. | ||
| CVE-2025-24727 | Med | 0.38 | 5.9 | 0.00 | Jan 24, 2025 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in codepeople Contact Form Email contact-form-to-email allows Stored XSS.This issue affects Contact Form Email: from n/a through <= 1.3.52. | ||
| CVE-2022-4034 | Med | 0.38 | 5.8 | 0.01 | Nov 29, 2022 | The Appointment Hour Booking Plugin for WordPress is vulnerable to CSV Injection in versions up to, and including, 1.3.72. This makes it possible for unauthenticated attackers to embed untrusted input into content during booking creation that may be exported as a CSV file when a… | ||
| CVE-2025-64261 | Med | 0.35 | 5.4 | 0.00 | Nov 13, 2025 | Missing Authorization vulnerability in codepeople Appointment Booking Calendar appointment-booking-calendar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Appointment Booking Calendar: from n/a through <= 1.3.95. | ||
| CVE-2025-47472 | Med | 0.35 | 5.4 | 0.00 | May 7, 2025 | Missing Authorization vulnerability in codepeople Music Player for WooCommerce music-player-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Music Player for WooCommerce: from n/a through <= 1.5.1. | ||
| CVE-2024-0963 | Med | 0.35 | 6.4 | 0.00 | Feb 2, 2024 | The Calculated Fields Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's CP_CALCULATED_FIELDS shortcode in all versions up to, and including, 1.2.52 due to insufficient input sanitization and output escaping on user supplied 'location'… | ||
| CVE-2026-32432 | Med | 0.34 | 5.3 | 0.00 | Mar 13, 2026 | Missing Authorization vulnerability in codepeople WP Time Slots Booking Form wp-time-slots-booking-form allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Time Slots Booking Form: from n/a through <= 1.2.42. | ||
| CVE-2025-46247 | Med | 0.34 | 5.3 | 0.00 | Apr 22, 2025 | Missing Authorization vulnerability in codepeople Appointment Booking Calendar appointment-booking-calendar allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Appointment Booking Calendar: from n/a through <= 1.3.92. | ||
| CVE-2023-45649 | Med | 0.34 | 5.3 | 0.00 | Jan 2, 2025 | Missing Authorization vulnerability in codepeople Appointment Hour Booking appointment-hour-booking allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Appointment Hour Booking: from n/a through <= 1.4.23. | ||
| CVE-2024-32720 | Med | 0.34 | 5.3 | 0.00 | May 17, 2024 | Improper Restriction of Excessive Authentication Attempts vulnerability in CodePeople Appointment Hour Booking allows Removing Important Client Functionality.This issue affects Appointment Hour Booking: from n/a through 1.4.56. | ||
| CVE-2024-31302 | Med | 0.34 | 5.3 | 0.00 | Apr 10, 2024 | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in CodePeople Contact Form Email.This issue affects Contact Form Email: from n/a through 1.3.44. | ||
| CVE-2022-4036 | Med | 0.34 | 5.3 | 0.00 | Nov 29, 2022 | The Appointment Hour Booking plugin for WordPress is vulnerable to CAPTCHA bypass in versions up to, and including, 1.3.72. This is due to the use of insufficiently strong hashing algorithm on the CAPTCHA secret that is also displayed to the user via a cookie. | ||
| CVE-2015-7666 | Med | 0.33 | 6.1 | 0.02 | Dec 27, 2017 | Multiple cross-site scripting (XSS) vulnerabilities in the (1) cp_updateMessageItem and (2) cp_deleteMessageItem functions in cp_ppp_admin_int_message_list.inc.php in the Payment Form for PayPal Pro plugin before 1.0.2 for WordPress allow remote attackers to inject arbitrary web… | ||
| CVE-2023-23895 | Med | 0.31 | 4.7 | 0.01 | Dec 9, 2024 | Missing Authorization vulnerability in CodePeople WP Time Slots Booking Form allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Time Slots Booking Form: from n/a through 1.1.82. | ||
| CVE-2025-49332 | Med | 0.28 | 4.3 | 0.00 | Jun 6, 2025 | Cross-Site Request Forgery (CSRF) vulnerability in codepeople WP Time Slots Booking Form wp-time-slots-booking-form allows Cross Site Request Forgery.This issue affects WP Time Slots Booking Form: from n/a through <= 1.2.30. | ||
| CVE-2025-49291 | Med | 0.28 | 4.3 | 0.00 | Jun 6, 2025 | Cross-Site Request Forgery (CSRF) vulnerability in codepeople Calculated Fields Form calculated-fields-form allows Cross Site Request Forgery.This issue affects Calculated Fields Form: from n/a through <= 5.3.58. | ||
| CVE-2023-26521 | Med | 0.28 | 4.3 | 0.00 | Jun 3, 2024 | Missing Authorization vulnerability in CodePeople Search in Place allows Functionality Misuse.This issue affects Search in Place: from n/a through 1.0.104. | ||
| CVE-2023-25039 | Med | 0.28 | 4.3 | 0.01 | Mar 25, 2024 | Missing Authorization vulnerability in CodePeople Google Maps CP.This issue affects Google Maps CP: from n/a through 1.0.43. | ||
| CVE-2022-41790 | Med | 0.28 | 4.3 | 0.00 | Jan 17, 2024 | Missing Authorization vulnerability in CodePeople WP Time Slots Booking Form.This issue affects WP Time Slots Booking Form: from n/a through 1.1.76. | ||
| CVE-2023-51517 | Med | 0.27 | 4.1 | 0.00 | Dec 29, 2023 | URL Redirection to Untrusted Site ('Open Redirect') vulnerability in CodePeople Calculated Fields Form.This issue affects Calculated Fields Form: from n/a through 1.2.28. | ||
| CVE-2023-6446 | Med | 0.22 | 4.4 | 0.00 | Jan 11, 2024 | The Calculated Fields Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.2.40 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with… | ||
| CVE-2026-0684 | Med | 0.21 | 4.3 | 0.00 | Jan 13, 2026 | The CP Image Store with Slideshow plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.1.9 due to a logic error in the 'cpis_admin_init' function's permission check. This makes it possible for authenticated attackers, with… | ||
| CVE-2024-13381 | 0.00 | — | 0.00 | May 1, 2025 | The Calculated Fields Form WordPress plugin before 5.2.62 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in… | |||
| CVE-2024-13758 | 0.00 | — | 0.00 | Jan 30, 2025 | The CP Contact Form with PayPal plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.52. This is due to missing or incorrect nonce validation on the cp_contact_form_paypal_check_init_actions() function. This makes it possible… | |||
| CVE-2024-12601 | 0.00 | — | 0.01 | Dec 17, 2024 | The Calculated Fields Form plugin for WordPress is vulnerable to Denial of Service in all versions up to, and including, 5.2.63. This is due to unlimited height and width parameters for CAPTCHA images. This makes it possible for unauthenticated attackers to send multiple… | |||
| CVE-2024-9940 | 0.00 | — | 0.00 | Oct 17, 2024 | The Calculated Fields Form plugin for WordPress is vulnerable to HTML Injection in all versions up to, and including, 5.2.45. This is due to the plugin not properly neutralizing HTML elements from submitted forms. This makes it possible for unauthenticated attackers to inject… | |||
| CVE-2024-35735 | 0.00 | — | 0.00 | Jun 10, 2024 | Missing Authorization vulnerability in CodePeople WP Time Slots Booking Form.This issue affects WP Time Slots Booking Form: from n/a through 1.2.11. | |||
| CVE-2024-33543 | 0.00 | — | 0.00 | Jun 9, 2024 | Missing Authorization vulnerability in CodePeople WP Time Slots Booking Form.This issue affects WP Time Slots Booking Form: from n/a through 1.2.06. | |||
| CVE-2024-35734 | 0.00 | — | 0.00 | Jun 8, 2024 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in CodePeople WP Time Slots Booking Form allows Stored XSS.This issue affects WP Time Slots Booking Form: from n/a through 1.2.10. | |||
| CVE-2023-48318 | 0.00 | — | 0.00 | Jun 4, 2024 | Improper Restriction of Excessive Authentication Attempts vulnerability in CodePeople Contact Form Email allows Functionality Bypass.This issue affects Contact Form Email: from n/a through 1.3.41. | |||
| CVE-2023-28494 | 0.00 | — | 0.00 | Jun 4, 2024 | Missing Authorization vulnerability in CodePeople Contact Form Email allows Functionality Misuse.This issue affects Contact Form Email: from n/a through 1.3.31. | |||
| CVE-2023-27460 | 0.00 | — | 0.00 | Jun 3, 2024 | Missing Authorization vulnerability in CodePeople, paypaldev CP Contact Form with Paypal allows Functionality Misuse.This issue affects CP Contact Form with Paypal: from n/a through 1.3.34. | |||
| CVE-2023-26523 | 0.00 | — | 0.00 | Jun 3, 2024 | Missing Authorization vulnerability in CodePeople Calculated Fields Form allows Functionality Misuse.This issue affects Calculated Fields Form: from n/a through 1.1.120. | |||
| CVE-2023-5955 | 0.00 | — | 0.00 | Dec 11, 2023 | The Contact Form Email WordPress plugin before 1.3.44 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in… | |||
| CVE-2023-2718 | 0.00 | — | 0.01 | Jun 12, 2023 | The Contact Form Email WordPress plugin before 1.3.38 does not escape submitted values before displaying them in the HTML, leading to a Stored XSS vulnerability. | |||
| CVE-2023-23971 | 0.00 | — | 0.00 | Apr 6, 2023 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in CodePeople WP Time Slots Booking Form plugin <= 1.1.81 versions. | |||
| CVE-2022-43482 | 0.00 | — | 0.00 | Nov 18, 2022 | Missing Authorization vulnerability in Appointment Booking Calendar plugin <= 1.3.69 on WordPress. |
- risk 0.57cvss 8.8epss 0.01
The Corner Ad plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.56. This is due to missing or incorrect nonce validation on its corner_ad_settings_page function. This makes it possible for unauthenticated attackers to trigger…
- risk 0.57cvss 8.8epss 0.01
The cp-contact-form-with-paypal (aka CP Contact Form with PayPal) plugin before 1.1.6 for WordPress has CSRF with resultant XSS, related to cp_contactformpp.php and cp_contactformpp_admin_int_list.inc.php.
- risk 0.55cvss 8.5epss 0.00
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in codepeople CP Contact Form with Paypal cp-contact-form-with-paypal allows Blind SQL Injection.This issue affects CP Contact Form with Paypal: from n/a through <= 1.3.61.
- risk 0.53cvss 8.2epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in codepeople Appointment Booking Calendar appointment-booking-calendar allows SQL Injection.This issue affects Appointment Booking Calendar: from n/a through <= 1.3.92.
- risk 0.47cvss 7.2epss 0.01
The Calculated Fields Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the form page href parameter in all versions up to, and including, 5.1.56 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated…
- risk 0.47cvss 7.2epss 0.01
The Appointment Hour Booking plugin for WordPress is vulnerable to iFrame Injection via the ‘email’ or general field parameters in versions up to, and including, 1.3.72 due to insufficient input sanitization and output escaping that makes injecting iFrame tags possible. This…
- risk 0.47cvss 7.2epss 0.02
The cp-contact-form-with-paypal (aka CP Contact Form with PayPal) plugin before 1.1.6 for WordPress has SQL injection via the cp_contactformpp_id parameter to cp_contactformpp.php.
- risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CodePeople Calculated Fields Form allows Reflected XSS.This issue affects Calculated Fields Form: from n/a through 1.2.54.
- risk 0.42cvss 6.5epss 0.00
Missing Authorization vulnerability in codepeople Contact Form Email contact-form-to-email allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Contact Form Email: from n/a through <= 1.3.63.
- risk 0.42cvss 6.4epss 0.00
The Calculated Fields Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the form settings in all versions up to, and including, 5.4.5.0. This is due to insufficient capability checks on the form settings save handler and insufficient input sanitization…
- risk 0.42cvss 6.5epss 0.00
Missing Authorization vulnerability in codepeople WP Time Slots Booking Form wp-time-slots-booking-form allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Time Slots Booking Form: from n/a through <= 1.2.39.
- risk 0.42cvss 6.5epss 0.00
Authorization Bypass Through User-Controlled Key vulnerability in codepeople Contact Form Email contact-form-to-email allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Contact Form Email: from n/a through <= 1.3.60.
- risk 0.42cvss 6.5epss 0.00
Missing Authorization vulnerability in codepeople Contact Form Email contact-form-to-email allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Contact Form Email: from n/a through <= 1.3.58.
- risk 0.38cvss 5.9epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in codepeople Payment Form for PayPal Pro payment-form-for-paypal-pro allows Stored XSS.This issue affects Payment Form for PayPal Pro: from n/a through <= 1.1.72.
- risk 0.38cvss 5.9epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in codepeople Contact Form Email contact-form-to-email allows Stored XSS.This issue affects Contact Form Email: from n/a through <= 1.3.52.
- risk 0.38cvss 5.8epss 0.01
The Appointment Hour Booking Plugin for WordPress is vulnerable to CSV Injection in versions up to, and including, 1.3.72. This makes it possible for unauthenticated attackers to embed untrusted input into content during booking creation that may be exported as a CSV file when a…
- risk 0.35cvss 5.4epss 0.00
Missing Authorization vulnerability in codepeople Appointment Booking Calendar appointment-booking-calendar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Appointment Booking Calendar: from n/a through <= 1.3.95.
- risk 0.35cvss 5.4epss 0.00
Missing Authorization vulnerability in codepeople Music Player for WooCommerce music-player-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Music Player for WooCommerce: from n/a through <= 1.5.1.
- risk 0.35cvss 6.4epss 0.00
The Calculated Fields Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's CP_CALCULATED_FIELDS shortcode in all versions up to, and including, 1.2.52 due to insufficient input sanitization and output escaping on user supplied 'location'…
- risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in codepeople WP Time Slots Booking Form wp-time-slots-booking-form allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Time Slots Booking Form: from n/a through <= 1.2.42.
- risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in codepeople Appointment Booking Calendar appointment-booking-calendar allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Appointment Booking Calendar: from n/a through <= 1.3.92.
- risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in codepeople Appointment Hour Booking appointment-hour-booking allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Appointment Hour Booking: from n/a through <= 1.4.23.
- risk 0.34cvss 5.3epss 0.00
Improper Restriction of Excessive Authentication Attempts vulnerability in CodePeople Appointment Hour Booking allows Removing Important Client Functionality.This issue affects Appointment Hour Booking: from n/a through 1.4.56.
- risk 0.34cvss 5.3epss 0.00
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in CodePeople Contact Form Email.This issue affects Contact Form Email: from n/a through 1.3.44.
- risk 0.34cvss 5.3epss 0.00
The Appointment Hour Booking plugin for WordPress is vulnerable to CAPTCHA bypass in versions up to, and including, 1.3.72. This is due to the use of insufficiently strong hashing algorithm on the CAPTCHA secret that is also displayed to the user via a cookie.
- risk 0.33cvss 6.1epss 0.02
Multiple cross-site scripting (XSS) vulnerabilities in the (1) cp_updateMessageItem and (2) cp_deleteMessageItem functions in cp_ppp_admin_int_message_list.inc.php in the Payment Form for PayPal Pro plugin before 1.0.2 for WordPress allow remote attackers to inject arbitrary web…
- risk 0.31cvss 4.7epss 0.01
Missing Authorization vulnerability in CodePeople WP Time Slots Booking Form allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Time Slots Booking Form: from n/a through 1.1.82.
- risk 0.28cvss 4.3epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in codepeople WP Time Slots Booking Form wp-time-slots-booking-form allows Cross Site Request Forgery.This issue affects WP Time Slots Booking Form: from n/a through <= 1.2.30.
- risk 0.28cvss 4.3epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in codepeople Calculated Fields Form calculated-fields-form allows Cross Site Request Forgery.This issue affects Calculated Fields Form: from n/a through <= 5.3.58.
- risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in CodePeople Search in Place allows Functionality Misuse.This issue affects Search in Place: from n/a through 1.0.104.
- risk 0.28cvss 4.3epss 0.01
Missing Authorization vulnerability in CodePeople Google Maps CP.This issue affects Google Maps CP: from n/a through 1.0.43.
- risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in CodePeople WP Time Slots Booking Form.This issue affects WP Time Slots Booking Form: from n/a through 1.1.76.
- risk 0.27cvss 4.1epss 0.00
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in CodePeople Calculated Fields Form.This issue affects Calculated Fields Form: from n/a through 1.2.28.
- risk 0.22cvss 4.4epss 0.00
The Calculated Fields Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.2.40 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with…
- risk 0.21cvss 4.3epss 0.00
The CP Image Store with Slideshow plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.1.9 due to a logic error in the 'cpis_admin_init' function's permission check. This makes it possible for authenticated attackers, with…
- CVE-2024-13381May 1, 2025risk 0.00cvss —epss 0.00
The Calculated Fields Form WordPress plugin before 5.2.62 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in…
- CVE-2024-13758Jan 30, 2025risk 0.00cvss —epss 0.00
The CP Contact Form with PayPal plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.52. This is due to missing or incorrect nonce validation on the cp_contact_form_paypal_check_init_actions() function. This makes it possible…
- CVE-2024-12601Dec 17, 2024risk 0.00cvss —epss 0.01
The Calculated Fields Form plugin for WordPress is vulnerable to Denial of Service in all versions up to, and including, 5.2.63. This is due to unlimited height and width parameters for CAPTCHA images. This makes it possible for unauthenticated attackers to send multiple…
- CVE-2024-9940Oct 17, 2024risk 0.00cvss —epss 0.00
The Calculated Fields Form plugin for WordPress is vulnerable to HTML Injection in all versions up to, and including, 5.2.45. This is due to the plugin not properly neutralizing HTML elements from submitted forms. This makes it possible for unauthenticated attackers to inject…
- CVE-2024-35735Jun 10, 2024risk 0.00cvss —epss 0.00
Missing Authorization vulnerability in CodePeople WP Time Slots Booking Form.This issue affects WP Time Slots Booking Form: from n/a through 1.2.11.
- CVE-2024-33543Jun 9, 2024risk 0.00cvss —epss 0.00
Missing Authorization vulnerability in CodePeople WP Time Slots Booking Form.This issue affects WP Time Slots Booking Form: from n/a through 1.2.06.
- CVE-2024-35734Jun 8, 2024risk 0.00cvss —epss 0.00
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in CodePeople WP Time Slots Booking Form allows Stored XSS.This issue affects WP Time Slots Booking Form: from n/a through 1.2.10.
- CVE-2023-48318Jun 4, 2024risk 0.00cvss —epss 0.00
Improper Restriction of Excessive Authentication Attempts vulnerability in CodePeople Contact Form Email allows Functionality Bypass.This issue affects Contact Form Email: from n/a through 1.3.41.
- CVE-2023-28494Jun 4, 2024risk 0.00cvss —epss 0.00
Missing Authorization vulnerability in CodePeople Contact Form Email allows Functionality Misuse.This issue affects Contact Form Email: from n/a through 1.3.31.
- CVE-2023-27460Jun 3, 2024risk 0.00cvss —epss 0.00
Missing Authorization vulnerability in CodePeople, paypaldev CP Contact Form with Paypal allows Functionality Misuse.This issue affects CP Contact Form with Paypal: from n/a through 1.3.34.
- CVE-2023-26523Jun 3, 2024risk 0.00cvss —epss 0.00
Missing Authorization vulnerability in CodePeople Calculated Fields Form allows Functionality Misuse.This issue affects Calculated Fields Form: from n/a through 1.1.120.
- CVE-2023-5955Dec 11, 2023risk 0.00cvss —epss 0.00
The Contact Form Email WordPress plugin before 1.3.44 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in…
- CVE-2023-2718Jun 12, 2023risk 0.00cvss —epss 0.01
The Contact Form Email WordPress plugin before 1.3.38 does not escape submitted values before displaying them in the HTML, leading to a Stored XSS vulnerability.
- CVE-2023-23971Apr 6, 2023risk 0.00cvss —epss 0.00
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in CodePeople WP Time Slots Booking Form plugin <= 1.1.81 versions.
- CVE-2022-43482Nov 18, 2022risk 0.00cvss —epss 0.00
Missing Authorization vulnerability in Appointment Booking Calendar plugin <= 1.3.69 on WordPress.
Page 1 of 2