Vulnerabilities > Codepeople

DATE CVE VULNERABILITY TITLE RISK
2025-01-24 CVE-2025-24727 Cross-site Scripting vulnerability in Codepeople Contact Form Email
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CodePeople Contact Form Email allows Stored XSS.
network
low complexity
codepeople CWE-79
4.8
2025-01-24 CVE-2024-13680 SQL Injection vulnerability in Codepeople Form Builder CP
The Form Builder CP plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter of the 'CP_EASY_FORM_WILL_APPEAR_HERE' shortcode in all versions up to, and including, 1.2.41 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.
network
low complexity
codepeople CWE-89
6.5
2024-12-09 CVE-2023-23895 Missing Authorization vulnerability in Codepeople WP Time Slots Booking Form
Missing Authorization vulnerability in CodePeople WP Time Slots Booking Form allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Time Slots Booking Form: from n/a through 1.1.82.
network
low complexity
codepeople CWE-862
7.2
2024-06-10 CVE-2024-35735 Unspecified vulnerability in Codepeople WP Time Slots Booking Form
Missing Authorization vulnerability in CodePeople WP Time Slots Booking Form.This issue affects WP Time Slots Booking Form: from n/a through 1.2.11.
network
low complexity
codepeople
critical
9.8
2024-06-09 CVE-2024-33543 Unspecified vulnerability in Codepeople WP Time Slots Booking Form
Missing Authorization vulnerability in CodePeople WP Time Slots Booking Form.This issue affects WP Time Slots Booking Form: from n/a through 1.2.06.
network
low complexity
codepeople
7.5
2024-06-08 CVE-2024-35734 Unspecified vulnerability in Codepeople WP Time Slots Booking Form
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in CodePeople WP Time Slots Booking Form allows Stored XSS.This issue affects WP Time Slots Booking Form: from n/a through 1.2.10.
network
low complexity
codepeople
6.1
2024-06-07 CVE-2024-36082 SQL Injection vulnerability in Codepeople Music Store
SQL injection vulnerability in Music Store - WordPress eCommerce versions prior to 1.1.14 allows a remote authenticated attacker with an administrative privilege to execute arbitrary SQL commands.
network
low complexity
codepeople CWE-89
6.5
2024-06-04 CVE-2023-48318 Improper Restriction of Excessive Authentication Attempts vulnerability in Codepeople Contact Form Email
Improper Restriction of Excessive Authentication Attempts vulnerability in CodePeople Contact Form Email allows Functionality Bypass.This issue affects Contact Form Email: from n/a through 1.3.41.
network
low complexity
codepeople CWE-307
6.5
2024-06-04 CVE-2023-28494 Unspecified vulnerability in Codepeople Contact Form Email
Missing Authorization vulnerability in CodePeople Contact Form Email allows Functionality Misuse.This issue affects Contact Form Email: from n/a through 1.3.31.
network
low complexity
codepeople
4.3
2024-06-03 CVE-2023-26523 Unspecified vulnerability in Codepeople Calculated Fields Form
Missing Authorization vulnerability in CodePeople Calculated Fields Form allows Functionality Misuse.This issue affects Calculated Fields Form: from n/a through 1.1.120.
network
low complexity
codepeople
4.3