Vulnerabilities > Codepeople

DATE CVE VULNERABILITY TITLE RISK
2019-09-17 CVE-2016-10992 Cross-site Scripting vulnerability in Codepeople Music Store 1.0.141
The music-store plugin before 1.0.43 for WordPress has XSS via the wp-admin/admin.php?page=music-store-menu-reports from_year parameter.
network
low complexity
codepeople CWE-79
6.1
2019-08-27 CVE-2015-9348 Improper Input Validation vulnerability in Codepeople Sell Downloads
The sell-downloads plugin before 1.0.8 for WordPress has insufficient restrictions on brute-force guessing of purchase IDs.
network
low complexity
codepeople CWE-20
7.5
2019-08-27 CVE-2015-9346 Cross-site Scripting vulnerability in Codepeople Polls CP
The cp-polls plugin before 1.0.5 for WordPress has XSS.
network
low complexity
codepeople CWE-79
6.1
2019-08-27 CVE-2014-10395 Cross-site Scripting vulnerability in Codepeople Polls CP
The cp-polls plugin before 1.0.1 for WordPress has XSS in the votes list.
network
low complexity
codepeople CWE-79
6.1
2019-08-22 CVE-2016-10916 SQL Injection vulnerability in Codepeople Appointment Booking Calendar
The appointment-booking-calendar plugin before 1.1.24 for WordPress has SQL injection, a different vulnerability than CVE-2015-7319.
network
low complexity
codepeople CWE-89
critical
9.8
2019-08-21 CVE-2016-10909 SQL Injection vulnerability in Codepeople Booking Calendar Contact Form
The booking-calendar-contact-form plugin before 1.0.24 for WordPress has SQL injection.
network
low complexity
codepeople CWE-89
critical
9.8
2019-08-21 CVE-2016-10908 Cross-site Scripting vulnerability in Codepeople Booking Calendar Contact Form
The booking-calendar-contact-form plugin before 1.0.24 for WordPress has XSS.
network
low complexity
codepeople CWE-79
6.1
2019-08-15 CVE-2019-14784 Cross-site Scripting vulnerability in Codepeople CP Contact Form With Paypal
The "CP Contact Form with PayPal" plugin before 1.2.98 for WordPress has XSS in CSS edition.
network
low complexity
codepeople CWE-79
6.1
2019-08-13 CVE-2018-20964 Cross-Site Request Forgery (CSRF) vulnerability in Codepeople Contact Form Email
The contact-form-to-email plugin before 1.2.66 for WordPress has CSRF.
network
low complexity
codepeople CWE-352
8.8
2019-08-13 CVE-2018-20963 Cross-site Scripting vulnerability in Codepeople Contact Form Email
The contact-form-to-email plugin before 1.2.66 for WordPress has XSS.
network
low complexity
codepeople CWE-79
6.1