Vulnerabilities > Codepeople
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-08-21 | CVE-2016-10909 | SQL Injection vulnerability in Codepeople Booking Calendar Contact Form The booking-calendar-contact-form plugin before 1.0.24 for WordPress has SQL injection. | 7.5 |
| 2019-08-21 | CVE-2016-10908 | Cross-site Scripting vulnerability in Codepeople Booking Calendar Contact Form The booking-calendar-contact-form plugin before 1.0.24 for WordPress has XSS. | 4.3 |
| 2019-08-15 | CVE-2019-14784 | Cross-site Scripting vulnerability in Codepeople CP Contact Form With Paypal The "CP Contact Form with PayPal" plugin before 1.2.98 for WordPress has XSS in CSS edition. | 4.3 |
| 2019-08-13 | CVE-2018-20964 | Cross-Site Request Forgery (CSRF) vulnerability in Codepeople Contact Form Email The contact-form-to-email plugin before 1.2.66 for WordPress has CSRF. | 6.8 |
| 2019-08-13 | CVE-2018-20963 | Cross-site Scripting vulnerability in Codepeople Contact Form Email The contact-form-to-email plugin before 1.2.66 for WordPress has XSS. | 4.3 |
| 2019-08-09 | CVE-2019-14791 | Cross-site Scripting vulnerability in Codepeople Appointment Booking Calendar 1.3.18 The Appointment Booking Calendar plugin 1.3.18 for WordPress allows XSS via the wp-admin/admin-post.php editionarea parameter. | 4.3 |
| 2019-08-09 | CVE-2019-14785 | Cross-site Scripting vulnerability in Codepeople CP Contact Form With Paypal The "CP Contact Form with PayPal" plugin before 1.2.99 for WordPress has XSS in the publishing wizard via the wp-admin/admin.php?page=cp_contact_form_paypal.php&pwizard=1 cp_contactformpp_id parameter. | 3.5 |
| 2019-03-10 | CVE-2019-9646 | Cross-site Scripting vulnerability in Codepeople Contact Form Email The Contact Form Email plugin before 1.2.66 for WordPress allows wp-admin/admin.php item XSS, related to cp_admin_int_edition.inc.php in the "custom edition area." | 4.3 |
| 2017-12-27 | CVE-2015-7666 | Cross-site Scripting vulnerability in Codepeople Payment Form for Paypal PRO 1.0.1 Multiple cross-site scripting (XSS) vulnerabilities in the (1) cp_updateMessageItem and (2) cp_deleteMessageItem functions in cp_ppp_admin_int_message_list.inc.php in the Payment Form for PayPal Pro plugin before 1.0.2 for WordPress allow remote attackers to inject arbitrary web script or HTML via the cal parameter. | 4.3 |
| 2017-09-30 | CVE-2015-9233 | Cross-Site Request Forgery (CSRF) vulnerability in Codepeople CP Contact Form With Paypal The cp-contact-form-with-paypal (aka CP Contact Form with PayPal) plugin before 1.1.6 for WordPress has CSRF with resultant XSS, related to cp_contactformpp.php and cp_contactformpp_admin_int_list.inc.php. | 6.8 |