Vulnerabilities > Codepeople

DATE CVE VULNERABILITY TITLE RISK
2019-08-27 CVE-2015-9346 Cross-site Scripting vulnerability in Codepeople Polls CP
The cp-polls plugin before 1.0.5 for WordPress has XSS.
network
low complexity
codepeople CWE-79
6.1
6.1
2019-08-27 CVE-2014-10395 Cross-site Scripting vulnerability in Codepeople Polls CP
The cp-polls plugin before 1.0.1 for WordPress has XSS in the votes list.
network
low complexity
codepeople CWE-79
6.1
6.1
2019-08-22 CVE-2016-10916 SQL Injection vulnerability in Codepeople Appointment Booking Calendar
The appointment-booking-calendar plugin before 1.1.24 for WordPress has SQL injection, a different vulnerability than CVE-2015-7319.
network
low complexity
codepeople CWE-89
critical
 9.8
9.8
2019-08-21 CVE-2016-10909 SQL Injection vulnerability in Codepeople Booking Calendar Contact Form
The booking-calendar-contact-form plugin before 1.0.24 for WordPress has SQL injection.
network
low complexity
codepeople CWE-89
critical
 9.8
9.8
2019-08-21 CVE-2016-10908 Cross-site Scripting vulnerability in Codepeople Booking Calendar Contact Form
The booking-calendar-contact-form plugin before 1.0.24 for WordPress has XSS.
network
low complexity
codepeople CWE-79
6.1
6.1
2019-08-15 CVE-2019-14784 Cross-site Scripting vulnerability in Codepeople CP Contact Form With Paypal
The "CP Contact Form with PayPal" plugin before 1.2.98 for WordPress has XSS in CSS edition.
network
low complexity
codepeople CWE-79
6.1
6.1
2019-08-13 CVE-2018-20964 Cross-Site Request Forgery (CSRF) vulnerability in Codepeople Contact Form Email
The contact-form-to-email plugin before 1.2.66 for WordPress has CSRF.
network
low complexity
codepeople CWE-352
8.8
8.8
2019-08-13 CVE-2018-20963 Cross-site Scripting vulnerability in Codepeople Contact Form Email
The contact-form-to-email plugin before 1.2.66 for WordPress has XSS.
network
low complexity
codepeople CWE-79
6.1
6.1
2019-08-09 CVE-2019-14791 Cross-site Scripting vulnerability in Codepeople Appointment Booking Calendar 1.3.18
The Appointment Booking Calendar plugin 1.3.18 for WordPress allows XSS via the wp-admin/admin-post.php editionarea parameter.
network
low complexity
codepeople CWE-79
6.1
6.1
2019-08-09 CVE-2019-14785 Cross-site Scripting vulnerability in Codepeople CP Contact Form With Paypal
The "CP Contact Form with PayPal" plugin before 1.2.99 for WordPress has XSS in the publishing wizard via the wp-admin/admin.php?page=cp_contact_form_paypal.php&pwizard=1 cp_contactformpp_id parameter.
network
low complexity
codepeople CWE-79
5.4
5.4