codepeople
Web & CMS Pluginscommercial
Latest CVEs
The 15 most recently published vulnerabilities affecting codepeople.
- CVE-2026-12111Appointment Booking Calendar <= 1.4.01 - Authenticated (Contributor+) Sensitive Information Exposure via 'id' Parameter4.3
- CVE-2026-48882WordPress WP Time Slots Booking Form plugin <= 1.2.50 - SQL Injection vulnerability8.5
- CVE-2026-40791WordPress WP Time Slots Booking Form plugin <= 1.2.46 - Cross Site Scripting (XSS) vulnerability7.1
- CVE-2026-6810Booking Calendar Contact Form <= 1.2.63 - Authenticated (Subscriber+) Insecure Direct Object Reference to Calendar Takeover5.3
- CVE-2026-32483WordPress Contact Form Email plugin <= 1.3.63 - Broken Access Control vulnerability6.5
- CVE-2026-25465WordPress CP Multi View Event Calendar plugin <= 1.4.36 - Cross Site Scripting (XSS) vulnerability6.5
- CVE-2026-32433WordPress CP Contact Form with Paypal plugin <= 1.3.61 - SQL Injection vulnerability8.5
- CVE-2026-32432WordPress WP Time Slots Booking Form plugin <= 1.2.42 - Broken Access Control vulnerability5.3
- CVE-2026-3986Calculated Fields Form <= 5.4.5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Form Settings6.4
- CVE-2026-25368WordPress Calculated Fields Form plugin <= 5.4.4.1 - Broken Access Control vulnerability6.5
- CVE-2026-1083Appointment Hour Booking – Booking Calendar <= 1.5.60 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'Min/Max Length' Field Configuration4.4
- CVE-2026-0684CP Image Store with Slideshow <= 1.1.9 - Missing Authorization to Authenticated (Contributor+) Arbitrary Product Import4.3
- CVE-2025-68850WordPress Sell Downloads plugin <= 1.1.12 - Broken Access Control vulnerability7.5
- CVE-2025-68569WordPress WP Time Slots Booking Form plugin <= 1.2.39 - Broken Access Control vulnerability6.5
- CVE-2025-10019WordPress Contact Form Email plugin <= 1.3.60 - Insecure Direct Object References (IDOR) vulnerability6.5