CVE-2025-39562 WordPress Payment Form for PayPal Pro plugin <= 1.1.72 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in codepeople Payment Form for PayPal Pro payment-form-for-paypal-pro allows Stored XSS.This issue affects Payment Form for PayPal Pro: from n/a through = 1.1.72...

PT-2025-17183 · Codepeople · Codepeople Payment Form For Paypal Pro

Name of the Vulnerable Software and Affected Versions: codepeople Payment Form for PayPal Pro versions 1.1.72 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Stored XSS. This means that ...

CVE-2025-24626

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in codepeople Music Store music-store allows Reflected XSS.This issue affects Music Store: from n/a through = 1.1.19...

CVE-2025-24672

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in codepeople Form Builder CP cp-easy-form-builder allows SQL Injection.This issue affects Form Builder CP: from n/a through = 1.2.41...

CVE-2024-47297

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in codepeople CP Polls cp-polls allows Reflected XSS.This issue affects CP Polls: from n/a through = 1.0.74...

CVE-2024-29759

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in CodePeople Calculated Fields Form allows Reflected XSS.This issue affects Calculated Fields Form: from n/a through 1.2.54...

CVE-2024-33543

Missing Authorization vulnerability in CodePeople WP Time Slots Booking Form.This issue affects WP Time Slots Booking Form: from n/a through 1.2.06...

CVE-2024-35734

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in CodePeople WP Time Slots Booking Form allows Stored XSS.This issue affects WP Time Slots Booking Form: from n/a through 1.2.10...

CVE-2025-24626

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in codepeople Music Store music-store allows Reflected XSS.This issue affects Music Store: from n/a through = 1.1.19...

CVE-2025-24626

CVE-2025-24626 refers to a WordPress Music Store plugin vulnerability (Music Store

PT-2025-5454 · Codepeople · Codepeople Music Store

Name of the Vulnerable Software and Affected Versions: CodePeople Music Store versions 1.1.19 and earlier Description: The issue is related to improper neutralization of input during web page generation, which allows for reflected Cross-site Scripting XSS. This enables attackers to inject malicio...

CVE-2025-24727

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in CodePeople Contact Form Email allows Stored XSS. This issue affects Contact Form Email: from n/a through 1.3.52...

CVE-2025-24723

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in codepeople Booking Calendar Contact Form booking-calendar-contact-form allows Stored XSS.This issue affects Booking Calendar Contact Form: from n/a through = 1.2.55...

CVE-2025-24727

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in codepeople Contact Form Email contact-form-to-email allows Stored XSS.This issue affects Contact Form Email: from n/a through = 1.3.52...

CVE-2025-24672

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in codepeople Form Builder CP cp-easy-form-builder allows SQL Injection.This issue affects Form Builder CP: from n/a through = 1.2.41...

CVE-2025-24723 WordPress Booking Calendar Contact Form Plugin <= 1.2.55 - Stored Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in codepeople Booking Calendar Contact Form booking-calendar-contact-form allows Stored XSS.This issue affects Booking Calendar Contact Form: from n/a through = 1.2.55...

CVE-2025-24723 WordPress Booking Calendar Contact Form Plugin <= 1.2.55 - Stored Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in CodePeople Booking Calendar Contact Form allows Stored XSS. This issue affects Booking Calendar Contact Form: from n/a through 1.2.55...

CVE-2025-24672

CVE-2025-24672: SQL Injection in WordPress Form Builder CP plugin (Form Builder CP) affecting versions n/a through 1.2.41. The vulnerability originates from improper neutralization of input in SQL commands, enabling injection. CVSSv3.1 base score 8.5 (High) with network attack vector, low attack ...

CVE-2025-24672 WordPress Form Builder CP Plugin <= 1.2.41 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in codepeople Form Builder CP cp-easy-form-builder allows SQL Injection.This issue affects Form Builder CP: from n/a through = 1.2.41...

PT-2025-5537 · Codepeople · Codepeople Booking Calendar Contact Form

Name of the Vulnerable Software and Affected Versions: CodePeople Booking Calendar Contact Form versions 1.2.55 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Stored XSS. This means tha...