Lucene search
K

244 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 6:5 a.m.5 views

CVE-2014-125091

A vulnerability has been found in codepeople cp-polls Plugin 1.0.1 on WordPress and classified as critical. This vulnerability affects unknown code of the file cp-admin-int-message-list.inc.php. The manipulation of the argument lu leads to sql injection. The attack can be initiated remotely...

9.8CVSS8.3AI score0.00788EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/05/07 2:19 p.m.29 views

CVE-2025-47472 WordPress Music Player for WooCommerce plugin <= 1.5.1 - Broken Access Control Vulnerability

Missing Authorization vulnerability in codepeople Music Player for WooCommerce music-player-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Music Player for WooCommerce: from n/a through = 1.5.1...

5.4CVSS0.00273EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/05/07 12:0 a.m.9 views

PT-2025-20103 · Codepeople · Codepeople Music Player For Woocommerce

Name of the Vulnerable Software and Affected Versions: codepeople Music Player for WooCommerce versions 1.5.1 and earlier Description: The issue is related to a Missing Authorization vulnerability, which allows the exploitation of incorrectly configured access control security levels...

5.4CVSS6.2AI score0.00273EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/04/22 9:53 a.m.27 views

CVE-2025-46247 WordPress Appointment Booking Calendar plugin <= 1.3.92 - Broken Access Control Vulnerability

Missing Authorization vulnerability in codepeople Appointment Booking Calendar appointment-booking-calendar allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Appointment Booking Calendar: from n/a through = 1.3.92...

5.3CVSS0.00322EPSS
Exploits0References1
CVE
CVE
added 2025/04/22 9:53 a.m.63 views

CVE-2025-46241

CVE-2025-46241 refers to a CSRF to SQL Injection vulnerability in the WordPress plugin “Appointment Booking Calendar” by codepeople, affecting versions up to 1.3.92. The issue enables CSRF to potentially trigger SQL injection on vulnerable endpoints, with high impact as per CVSS metrics (high con...

8.8CVSS7.3AI score0.0016EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2025/04/22 12:0 a.m.5 views

PT-2025-17512 · Codepeople · Codepeople Appointment Booking Calendar

Name of the Vulnerable Software and Affected Versions: codepeople Appointment Booking Calendar versions 1.3.92 and earlier Description: The issue is related to a Missing Authorization vulnerability, which allows accessing functionality not properly constrained by ACLs. Recommendations: For...

9.8CVSS9.1AI score0.00322EPSS
Exploits0References8
Cvelist
Cvelist
added 2025/04/17 3:46 p.m.16 views

CVE-2025-39562 WordPress Payment Form for PayPal Pro plugin <= 1.1.72 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in codepeople Payment Form for PayPal Pro payment-form-for-paypal-pro allows Stored XSS.This issue affects Payment Form for PayPal Pro: from n/a through = 1.1.72...

5.9CVSS0.00182EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/04/17 12:0 a.m.3 views

PT-2025-17183 · Codepeople · Codepeople Payment Form For Paypal Pro

Name of the Vulnerable Software and Affected Versions: codepeople Payment Form for PayPal Pro versions 1.1.72 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Stored XSS. This means that ...

5.9CVSS9.1AI score0.00182EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/02/06 2:33 a.m.17 views

CVE-2025-24626

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in codepeople Music Store music-store allows Reflected XSS.This issue affects Music Store: from n/a through = 1.1.19...

7.1CVSS7.2AI score0.00246EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/06 2:32 a.m.16 views

CVE-2025-24672

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in codepeople Form Builder CP cp-easy-form-builder allows SQL Injection.This issue affects Form Builder CP: from n/a through = 1.2.41...

8.5CVSS7.3AI score0.00448EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/05 8:28 a.m.7 views

CVE-2024-47297

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in codepeople CP Polls cp-polls allows Reflected XSS.This issue affects CP Polls: from n/a through = 1.0.74...

7.1CVSS5.9AI score0.00292EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/05 7:55 a.m.7 views

CVE-2024-29759

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in CodePeople Calculated Fields Form allows Reflected XSS.This issue affects Calculated Fields Form: from n/a through 1.2.54...

7.1CVSS8.6AI score0.00421EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/05 2:39 a.m.21 views

CVE-2024-33543

Missing Authorization vulnerability in CodePeople WP Time Slots Booking Form.This issue affects WP Time Slots Booking Form: from n/a through 1.2.06...

7.5CVSS6.9AI score0.00417EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/04 10:14 p.m.14 views

CVE-2024-35734

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in CodePeople WP Time Slots Booking Form allows Stored XSS.This issue affects WP Time Slots Booking Form: from n/a through 1.2.10...

7.1CVSS6.7AI score0.00308EPSS
Exploits0References1
NVD
NVD
added 2025/01/27 3:15 p.m.39 views

CVE-2025-24626

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in codepeople Music Store music-store allows Reflected XSS.This issue affects Music Store: from n/a through = 1.1.19...

7.1CVSS0.00246EPSS
Exploits0References1
CVE
CVE
added 2025/01/27 2:22 p.m.60 views

CVE-2025-24626

CVE-2025-24626 refers to a WordPress Music Store plugin vulnerability (Music Store

7.1CVSS7.2AI score0.00246EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/01/27 12:0 a.m.5 views

PT-2025-5454 · Codepeople · Codepeople Music Store

Name of the Vulnerable Software and Affected Versions: CodePeople Music Store versions 1.1.19 and earlier Description: The issue is related to improper neutralization of input during web page generation, which allows for reflected Cross-site Scripting XSS. This enables attackers to inject malicio...

7.1CVSS9.4AI score0.00246EPSS
Exploits0References3
NVD
NVD
added 2025/01/24 6:15 p.m.27 views

CVE-2025-24723

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in codepeople Booking Calendar Contact Form booking-calendar-contact-form allows Stored XSS.This issue affects Booking Calendar Contact Form: from n/a through = 1.2.55...

5.9CVSS0.00301EPSS
Exploits0References1
NVD
NVD
added 2025/01/24 6:15 p.m.15 views

CVE-2025-24727

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in codepeople Contact Form Email contact-form-to-email allows Stored XSS.This issue affects Contact Form Email: from n/a through = 1.3.52...

5.9CVSS0.00303EPSS
Exploits0References1
OSV
OSV
added 2025/01/24 6:15 p.m.3 views

CVE-2025-24727

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in CodePeople Contact Form Email allows Stored XSS. This issue affects Contact Form Email: from n/a through 1.3.52...

4.8CVSS7.3AI score0.00303EPSS
Exploits0References1
Rows per page
Query Builder