238 matches found
CVE-2024-31941
Cross-Site Request Forgery CSRF vulnerability in CodePeople CP Media Player.This issue affects CP Media Player: from n/a through 1.1.3...
CVE-2024-35735
Missing Authorization vulnerability in CodePeople WP Time Slots Booking Form.This issue affects WP Time Slots Booking Form: from n/a through 1.2.11...
CVE-2023-26521
Missing Authorization vulnerability in CodePeople Search in Place allows Functionality Misuse.This issue affects Search in Place: from n/a through 1.0.104...
CVE-2023-23971
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in CodePeople WP Time Slots Booking Form plugin = 1.1.81 versions...
CVE-2023-36384
Unauth. Reflected Cross-Site Scripting XSS vulnerability in CodePeople Booking Calendar Contact Form plugin = 1.2.40 versions...
CVE-2023-41732
Cross-Site Request Forgery CSRF vulnerability in CodePeople CP Blocks plugin = 1.0.20 versions...
CVE-2023-48318
Improper Restriction of Excessive Authentication Attempts vulnerability in CodePeople Contact Form Email allows Functionality Bypass.This issue affects Contact Form Email: from n/a through 1.3.41...
CVE-2023-28494
Missing Authorization vulnerability in CodePeople Contact Form Email allows Functionality Misuse.This issue affects Contact Form Email: from n/a through 1.3.31...
CVE-2023-27460
Missing Authorization vulnerability in CodePeople, paypaldev CP Contact Form with Paypal allows Functionality Misuse.This issue affects CP Contact Form with Paypal: from n/a through 1.3.34...
CVE-2023-26523
Missing Authorization vulnerability in CodePeople Calculated Fields Form allows Functionality Misuse.This issue affects Calculated Fields Form: from n/a through 1.1.120...
CVE-2023-51517
URL Redirection to Untrusted Site 'Open Redirect' vulnerability in CodePeople Calculated Fields Form.This issue affects Calculated Fields Form: from n/a through 1.2.28...
CVE-2023-45649
Missing Authorization vulnerability in codepeople Appointment Hour Booking appointment-hour-booking allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Appointment Hour Booking: from n/a through = 1.4.23...
CVE-2023-25037
Missing Authorization vulnerability in CodePeople Booking Calendar Contact Form allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Booking Calendar Contact Form: from n/a through 1.2.34...
CVE-2022-41790
Missing Authorization vulnerability in CodePeople WP Time Slots Booking Form.This issue affects WP Time Slots Booking Form: from n/a through 1.1.76...
CVE-2014-125091
A vulnerability has been found in codepeople cp-polls Plugin 1.0.1 on WordPress and classified as critical. This vulnerability affects unknown code of the file cp-admin-int-message-list.inc.php. The manipulation of the argument lu leads to sql injection. The attack can be initiated remotely...
CVE-2025-47472 WordPress Music Player for WooCommerce plugin <= 1.5.1 - Broken Access Control Vulnerability
Missing Authorization vulnerability in codepeople Music Player for WooCommerce music-player-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Music Player for WooCommerce: from n/a through = 1.5.1...
PT-2025-20103 · Codepeople · Codepeople Music Player For Woocommerce
Name of the Vulnerable Software and Affected Versions: codepeople Music Player for WooCommerce versions 1.5.1 and earlier Description: The issue is related to a Missing Authorization vulnerability, which allows the exploitation of incorrectly configured access control security levels...
CVE-2025-46247 WordPress Appointment Booking Calendar plugin <= 1.3.92 - Broken Access Control Vulnerability
Missing Authorization vulnerability in codepeople Appointment Booking Calendar appointment-booking-calendar allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Appointment Booking Calendar: from n/a through = 1.3.92...
CVE-2025-46241
CVE-2025-46241 refers to a CSRF to SQL Injection vulnerability in the WordPress plugin “Appointment Booking Calendar” by codepeople, affecting versions up to 1.3.92. The issue enables CSRF to potentially trigger SQL injection on vulnerable endpoints, with high impact as per CVSS metrics (high con...
PT-2025-17512 · Codepeople · Codepeople Appointment Booking Calendar
Name of the Vulnerable Software and Affected Versions: codepeople Appointment Booking Calendar versions 1.3.92 and earlier Description: The issue is related to a Missing Authorization vulnerability, which allows accessing functionality not properly constrained by ACLs. Recommendations: For...