CVE-2023-23971

Summary: CVE-2023-23971 affects the CodePeople WP Time Slots Booking Form WordPress plugin (versions ≤ 1.1.81). The root cause is an authenticated stored XSS due to insufficient sanitization/escaping in plugin settings, enabling an admin+ user to inject scripts that could be executed by other use...

PT-2023-19326 · Codepeople · Codepeople Wp Time Slots Booking Form

Name of the Vulnerable Software and Affected Versions: CodePeople WP Time Slots Booking Form plugin versions = 1.1.81 Description: The issue is related to an Authenticated Stored Cross-Site Scripting XSS vulnerability. This means that an attacker with admin or higher privileges can inject malicio...

CVE-2014-125091

A vulnerability has been found in codepeople cp-polls Plugin 1.0.1 on WordPress and classified as critical. This vulnerability affects unknown code of the file cp-admin-int-message-list.inc.php. The manipulation of the argument lu leads to sql injection. The attack can be initiated remotely...

Sql injection

A vulnerability has been found in codepeople cp-polls Plugin 1.0.1 on WordPress and classified as critical. This vulnerability affects unknown code of the file cp-admin-int-message-list.inc.php. The manipulation of the argument lu leads to sql injection. The attack can be initiated remotely...

CVE-2014-125091 codepeople cp-polls Plugin cp-admin-int-message-list.inc.php sql injection

A vulnerability has been found in codepeople cp-polls Plugin 1.0.1 on WordPress and classified as critical. This vulnerability affects unknown code of the file cp-admin-int-message-list.inc.php. The manipulation of the argument lu leads to sql injection. The attack can be initiated remotely...

CVE-2014-125091 codepeople cp-polls Plugin cp-admin-int-message-list.inc.php sql injection

A vulnerability has been found in codepeople cp-polls Plugin 1.0.1 on WordPress and classified as critical. This vulnerability affects unknown code of the file cp-admin-int-message-list.inc.php. The manipulation of the argument lu leads to sql injection. The attack can be initiated remotely...

CVE-2014-125091

The CVE-2014-125091 entry concerns the codepeople cp-polls Plugin for WordPress (version 1.0.1). The vulnerability exists in the file cp-admin-int-message-list.inc.php and is triggered by manipulating the lu parameter to induce SQL injection. It is exploitable remotely, with upgrading to version ...

PT-2023-10159 · Codepeople · Codepeople Cp-Polls Plugin

Name of the Vulnerable Software and Affected Versions: codepeople cp-polls Plugin version 1.0.1 Description: A critical issue has been found in the codepeople cp-polls Plugin, affecting unknown code of the file cp-admin-int-message-list.inc.php. The manipulation of the lu argument leads to sql...

PT-2022-14050

Name of the Vulnerable Software and Affected Versions CP Image Store with Slideshow WordPress plugin versions prior to 1.0.68 Description The issue allows unauthenticated users to perform an SQL injection attack due to the lack of sanitization and escaping of the ordering by query parameter in SQ...

WordPress CodePeople Payment Form for PayPal Pro SQL Injection Vulnerability

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress CodePeople Payment Form for PayPal Pro suffers from a SQL injection vulnerability that can be...

CVE-2020-14092

The CodePeople Payment Form for PayPal Pro plugin before 1.1.65 for WordPress allows SQL Injection...

CVE-2020-14092

The CodePeople Payment Form for PayPal Pro plugin before 1.1.65 for WordPress allows SQL Injection...

Sql injection

The CodePeople Payment Form for PayPal Pro plugin before 1.1.65 for WordPress allows SQL Injection...

CVE-2020-14092

The CodePeople Payment Form for PayPal Pro plugin before 1.1.65 for WordPress allows SQL Injection...

CVE-2020-14092

Summary: CVE-2020-14092 affects the WordPress plugin “CodePeople Payment Form for PayPal Pro” up to version 1.1.65. The vulnerability is an SQL injection via the vulnerable plugin’s query parameter, allowing unauthenticated attackers to execute arbitrary SQL and have results output in JSON. The C...

WordPress Appointment Booking Calendar 1.3.34 CSV Injection

Exploit Title: Wordpress Plugin Appointment Booking Calendar 1.3.34 - CSV Injection Google Dork: N/A Date: 2020-03-05 Exploit Author: Daniel Monzón stark0de Vendor Homepage: https://www.codepeople.net/ Software Link: https://downloads.wordpress.org/plugin/appointment-booking-calendar.zip Version:...

WordPress Booking Calendar Contact Form 1.1.24 Plugin - Multiple Vulnerabilities

Exploit for php platform in category web applications Exploit Title: WordPress appointment-booking-calendar =1.1.24 - Privilege escalation Managing calendars & Persistent XSS Date: 2016-01-28 Google Dork: Index of /wordpress/wp-content/plugins/appointment-booking-calendar/ Exploit Author: Joaquin...

WordPress Plugin Booking Calendar Contact Form 1.1.23 - Shortcode SQL Injection

Exploit Title: WordPress appointment-booking-calendar =1.1.23 - Shortcode SQL injection Date: 2016-01-24 Google Dork: Index of /wordpress/wp-content/plugins/appointment-booking-calendar/ Exploit Author: Joaquin Ramirez Martinez i0 security-lab Software Link:...