Vulnerabilities > Codepeople
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-08-09 | CVE-2019-14791 | Cross-site Scripting vulnerability in Codepeople Appointment Booking Calendar 1.3.18 The Appointment Booking Calendar plugin 1.3.18 for WordPress allows XSS via the wp-admin/admin-post.php editionarea parameter. | 6.1 |
2019-08-09 | CVE-2019-14785 | Cross-site Scripting vulnerability in Codepeople CP Contact Form With Paypal The "CP Contact Form with PayPal" plugin before 1.2.99 for WordPress has XSS in the publishing wizard via the wp-admin/admin.php?page=cp_contact_form_paypal.php&pwizard=1 cp_contactformpp_id parameter. | 5.4 |
2019-03-10 | CVE-2019-9646 | Cross-site Scripting vulnerability in Codepeople Contact Form Email The Contact Form Email plugin before 1.2.66 for WordPress allows wp-admin/admin.php item XSS, related to cp_admin_int_edition.inc.php in the "custom edition area." | 6.1 |
2017-12-27 | CVE-2015-7666 | Cross-site Scripting vulnerability in Codepeople Payment Form for Paypal PRO 1.0.1 Multiple cross-site scripting (XSS) vulnerabilities in the (1) cp_updateMessageItem and (2) cp_deleteMessageItem functions in cp_ppp_admin_int_message_list.inc.php in the Payment Form for PayPal Pro plugin before 1.0.2 for WordPress allow remote attackers to inject arbitrary web script or HTML via the cal parameter. | 6.1 |
2017-09-30 | CVE-2015-9233 | Cross-Site Request Forgery (CSRF) vulnerability in Codepeople CP Contact Form With Paypal The cp-contact-form-with-paypal (aka CP Contact Form with PayPal) plugin before 1.1.6 for WordPress has CSRF with resultant XSS, related to cp_contactformpp.php and cp_contactformpp_admin_int_list.inc.php. | 8.8 |