Vulnerabilities > Codepeople > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-04-22 | CVE-2025-46241 | Cross-Site Request Forgery (CSRF) vulnerability in Codepeople Appointment Booking Calendar Cross-Site Request Forgery (CSRF) vulnerability in codepeople Appointment Booking Calendar allows SQL Injection. | 8.8 |
| 2024-12-09 | CVE-2023-23895 | Missing Authorization vulnerability in Codepeople WP Time Slots Booking Form Missing Authorization vulnerability in CodePeople WP Time Slots Booking Form allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Time Slots Booking Form: from n/a through 1.1.82. | 7.2 |
| 2024-06-09 | CVE-2024-33543 | Unspecified vulnerability in Codepeople WP Time Slots Booking Form Missing Authorization vulnerability in CodePeople WP Time Slots Booking Form.This issue affects WP Time Slots Booking Form: from n/a through 1.2.06. | 7.5 |
| 2024-06-03 | CVE-2023-27460 | Unspecified vulnerability in Codepeople CP Contact Form With Paypal Missing Authorization vulnerability in CodePeople, paypaldev CP Contact Form with Paypal allows Functionality Misuse.This issue affects CP Contact Form with Paypal: from n/a through 1.3.34. | 8.8 |
| 2024-01-17 | CVE-2022-41790 | Unspecified vulnerability in Codepeople WP Time Slots Booking Form Missing Authorization vulnerability in CodePeople WP Time Slots Booking Form.This issue affects WP Time Slots Booking Form: from n/a through 1.1.76. | 8.8 |
| 2022-11-18 | CVE-2022-43482 | Missing Authorization vulnerability in Codepeople Appointment Booking Calendar Missing Authorization vulnerability in Appointment Booking Calendar plugin <= 1.3.69 on WordPress. | 8.8 |
| 2020-03-04 | CVE-2020-9372 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Codepeople Appointment Booking Calendar The Appointment Booking Calendar plugin before 1.3.35 for WordPress allows user input (in fields such as Description or Name) in any booking form to be any formula, which then could be exported via the Bookings list tab in /wp-admin/admin.php?page=cpabc_appointments.php. | 7.8 |
| 2019-08-27 | CVE-2015-9348 | Improper Input Validation vulnerability in Codepeople Sell Downloads The sell-downloads plugin before 1.0.8 for WordPress has insufficient restrictions on brute-force guessing of purchase IDs. | 7.5 |
| 2019-08-13 | CVE-2018-20964 | Cross-Site Request Forgery (CSRF) vulnerability in Codepeople Contact Form Email The contact-form-to-email plugin before 1.2.66 for WordPress has CSRF. | 8.8 |
| 2017-09-30 | CVE-2015-9233 | Cross-Site Request Forgery (CSRF) vulnerability in Codepeople CP Contact Form With Paypal The cp-contact-form-with-paypal (aka CP Contact Form with PayPal) plugin before 1.1.6 for WordPress has CSRF with resultant XSS, related to cp_contactformpp.php and cp_contactformpp_admin_int_list.inc.php. | 8.8 |