Vulnerabilities > Codepeople > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-03-04 | CVE-2020-9371 | Cross-site Scripting vulnerability in Codepeople Appointment Booking Calendar Stored XSS exists in the Appointment Booking Calendar plugin before 1.3.35 for WordPress. | 4.8 |
| 2019-09-17 | CVE-2016-10992 | Cross-site Scripting vulnerability in Codepeople Music Store The music-store plugin before 1.0.43 for WordPress has XSS via the wp-admin/admin.php?page=music-store-menu-reports from_year parameter. | 4.3 |
| 2019-08-27 | CVE-2015-9348 | Improper Input Validation vulnerability in Codepeople Sell Downloads The sell-downloads plugin before 1.0.8 for WordPress has insufficient restrictions on brute-force guessing of purchase IDs. | 5.0 |
| 2019-08-27 | CVE-2015-9346 | Cross-site Scripting vulnerability in Codepeople Polls CP The cp-polls plugin before 1.0.5 for WordPress has XSS. | 4.3 |
| 2019-08-27 | CVE-2014-10395 | Cross-site Scripting vulnerability in Codepeople Polls CP The cp-polls plugin before 1.0.1 for WordPress has XSS in the votes list. | 4.3 |
| 2019-08-21 | CVE-2016-10908 | Cross-site Scripting vulnerability in Codepeople Booking Calendar Contact Form The booking-calendar-contact-form plugin before 1.0.24 for WordPress has XSS. | 4.3 |
| 2019-08-15 | CVE-2019-14784 | Cross-site Scripting vulnerability in Codepeople CP Contact Form With Paypal The "CP Contact Form with PayPal" plugin before 1.2.98 for WordPress has XSS in CSS edition. | 4.3 |
| 2019-08-13 | CVE-2018-20964 | Cross-Site Request Forgery (CSRF) vulnerability in Codepeople Contact Form Email The contact-form-to-email plugin before 1.2.66 for WordPress has CSRF. | 6.8 |
| 2019-08-13 | CVE-2018-20963 | Cross-site Scripting vulnerability in Codepeople Contact Form Email The contact-form-to-email plugin before 1.2.66 for WordPress has XSS. | 4.3 |
| 2019-08-09 | CVE-2019-14791 | Cross-site Scripting vulnerability in Codepeople Appointment Booking Calendar 1.3.18 The Appointment Booking Calendar plugin 1.3.18 for WordPress allows XSS via the wp-admin/admin-post.php editionarea parameter. | 4.3 |