244 matches found
CVE-2014-125091
A vulnerability has been found in codepeople cp-polls Plugin 1.0.1 on WordPress and classified as critical. This vulnerability affects unknown code of the file cp-admin-int-message-list.inc.php. The manipulation of the argument lu leads to sql injection. The attack can be initiated remotely...
CVE-2025-47472 WordPress Music Player for WooCommerce plugin <= 1.5.1 - Broken Access Control Vulnerability
Missing Authorization vulnerability in codepeople Music Player for WooCommerce music-player-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Music Player for WooCommerce: from n/a through = 1.5.1...
PT-2025-20103 · Codepeople · Codepeople Music Player For Woocommerce
Name of the Vulnerable Software and Affected Versions: codepeople Music Player for WooCommerce versions 1.5.1 and earlier Description: The issue is related to a Missing Authorization vulnerability, which allows the exploitation of incorrectly configured access control security levels...
CVE-2025-46247 WordPress Appointment Booking Calendar plugin <= 1.3.92 - Broken Access Control Vulnerability
Missing Authorization vulnerability in codepeople Appointment Booking Calendar appointment-booking-calendar allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Appointment Booking Calendar: from n/a through = 1.3.92...
CVE-2025-46241
CVE-2025-46241 refers to a CSRF to SQL Injection vulnerability in the WordPress plugin “Appointment Booking Calendar” by codepeople, affecting versions up to 1.3.92. The issue enables CSRF to potentially trigger SQL injection on vulnerable endpoints, with high impact as per CVSS metrics (high con...
PT-2025-17512 · Codepeople · Codepeople Appointment Booking Calendar
Name of the Vulnerable Software and Affected Versions: codepeople Appointment Booking Calendar versions 1.3.92 and earlier Description: The issue is related to a Missing Authorization vulnerability, which allows accessing functionality not properly constrained by ACLs. Recommendations: For...
CVE-2025-39562 WordPress Payment Form for PayPal Pro plugin <= 1.1.72 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in codepeople Payment Form for PayPal Pro payment-form-for-paypal-pro allows Stored XSS.This issue affects Payment Form for PayPal Pro: from n/a through = 1.1.72...
PT-2025-17183 · Codepeople · Codepeople Payment Form For Paypal Pro
Name of the Vulnerable Software and Affected Versions: codepeople Payment Form for PayPal Pro versions 1.1.72 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Stored XSS. This means that ...
CVE-2025-24626
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in codepeople Music Store music-store allows Reflected XSS.This issue affects Music Store: from n/a through = 1.1.19...
CVE-2025-24672
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in codepeople Form Builder CP cp-easy-form-builder allows SQL Injection.This issue affects Form Builder CP: from n/a through = 1.2.41...
CVE-2024-47297
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in codepeople CP Polls cp-polls allows Reflected XSS.This issue affects CP Polls: from n/a through = 1.0.74...
CVE-2024-29759
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in CodePeople Calculated Fields Form allows Reflected XSS.This issue affects Calculated Fields Form: from n/a through 1.2.54...
CVE-2024-33543
Missing Authorization vulnerability in CodePeople WP Time Slots Booking Form.This issue affects WP Time Slots Booking Form: from n/a through 1.2.06...
CVE-2024-35734
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in CodePeople WP Time Slots Booking Form allows Stored XSS.This issue affects WP Time Slots Booking Form: from n/a through 1.2.10...
CVE-2025-24626
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in codepeople Music Store music-store allows Reflected XSS.This issue affects Music Store: from n/a through = 1.1.19...
CVE-2025-24626
CVE-2025-24626 refers to a WordPress Music Store plugin vulnerability (Music Store
PT-2025-5454 · Codepeople · Codepeople Music Store
Name of the Vulnerable Software and Affected Versions: CodePeople Music Store versions 1.1.19 and earlier Description: The issue is related to improper neutralization of input during web page generation, which allows for reflected Cross-site Scripting XSS. This enables attackers to inject malicio...
CVE-2025-24723
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in codepeople Booking Calendar Contact Form booking-calendar-contact-form allows Stored XSS.This issue affects Booking Calendar Contact Form: from n/a through = 1.2.55...
CVE-2025-24727
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in codepeople Contact Form Email contact-form-to-email allows Stored XSS.This issue affects Contact Form Email: from n/a through = 1.3.52...
CVE-2025-24727
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in CodePeople Contact Form Email allows Stored XSS. This issue affects Contact Form Email: from n/a through 1.3.52...