
CodePeople — Vulnerabilities & Security Advisories (70)

Browse all 70 CVE security advisories affecting CodePeople. AI-powered Chinese analysis, POCs, and references for each vulnerability.

CodePeople operates as a provider of enterprise software solutions, primarily focusing on human resources and payroll management systems. Historical security audits reveal a significant volume of vulnerabilities, with seventy CVEs currently on record, indicating persistent weaknesses in their development lifecycle. The most prevalent flaw classes include remote code execution and cross-site scripting, which often stem from inadequate input validation and improper session management. Additionally, privilege escalation vulnerabilities have been frequently exploited, allowing unauthorized users to access sensitive administrative functions. These issues suggest a lack of rigorous security testing during the software development phase. While no single catastrophic data breach has been widely publicized as a direct result of these specific CVEs, the high count of critical and high-severity findings poses a substantial risk to client data integrity. Organizations relying on these platforms must prioritize patching and implement strict access controls to mitigate the identified risks effectively.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-6810 | Booking Calendar Contact Form <= 1.2.63 - Authenticated (Subscriber+) Insecure Direct Object Reference to Calendar Takeover | Booking Calendar Contact Form | CWE-639 | 5.3 | Medium | 2026-04-24 |
| CVE-2026-32483 | WordPress Contact Form Email plugin <= 1.3.63 - Broken Access Control vulnerability | Contact Form Email | CWE-862 | 6.5 | Medium | 2026-03-25 |
| CVE-2026-25465 | WordPress CP Multi View Event Calendar plugin <= 1.4.36 - Cross Site Scripting (XSS) vulnerability | CP Multi View Event Calendar | CWE-79 | 6.5 | Medium | 2026-03-25 |
| CVE-2026-32432 | WordPress WP Time Slots Booking Form plugin <= 1.2.42 - Broken Access Control vulnerability | WP Time Slots Booking Form | CWE-862 | 5.3 | Medium | 2026-03-13 |
| CVE-2026-32433 | WordPress CP Contact Form with Paypal plugin <= 1.3.61 - SQL Injection vulnerability | CP Contact Form with Paypal | CWE-89 | 8.5 | High | 2026-03-13 |
| CVE-2026-3986 | Calculated Fields Form <= 5.4.5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Form Settings | Calculated Fields Form | CWE-79 | 6.4 | Medium | 2026-03-13 |
| CVE-2026-25368 | WordPress Calculated Fields Form plugin <= 5.4.4.1 - Broken Access Control vulnerability | Calculated Fields Form | CWE-862 | 6.5 | Medium | 2026-02-19 |
| CVE-2026-1083 | Appointment Hour Booking – Booking Calendar <= 1.5.60 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'Min/Max Length' Field Configuration | Appointment Hour Booking – Booking Calendar | CWE-79 | 4.4 | Medium | 2026-01-28 |
| CVE-2026-0684 | CP Image Store with Slideshow <= 1.1.9 - Missing Authorization to Authenticated (Contributor+) Arbitrary Product Import | CP Image Store with Slideshow | CWE-863 | 4.3 | Medium | 2026-01-13 |
| CVE-2025-68850 | WordPress Sell Downloads plugin <= 1.1.12 - Broken Access Control vulnerability | Sell Downloads | CWE-862 | 7.5 | High | 2026-01-05 |
| CVE-2025-68569 | WordPress WP Time Slots Booking Form plugin <= 1.2.39 - Broken Access Control vulnerability | WP Time Slots Booking Form | CWE-862 | 6.5 | Medium | 2025-12-24 |
| CVE-2025-10019 | WordPress Contact Form Email plugin <= 1.3.60 - Insecure Direct Object References (IDOR) vulnerability | Contact Form Email | CWE-639 | 6.5 | Medium | 2025-12-18 |
| CVE-2025-13318 | Booking Calendar Contact Form <= 1.2.60 - Missing Authorization to Unauthenticated Arbitrary Booking Confirmation via 'dex_bccf_ipn' Parameter | Booking Calendar Contact Form | CWE-862 | 5.3 | Medium | 2025-11-22 |
| CVE-2025-13384 | CP Contact Form with PayPal <= 1.3.56 - Missing Authorization to Unauthenticated Arbitrary Payment Confirmation | CP Contact Form with PayPal | CWE-862 | 7.5 | High | 2025-11-22 |
| CVE-2025-13317 | Appointment Booking Calendar <= 1.3.96 - Missing Authorization to Arbitrary Booking Confirmation via 'cpabc_ipncheck' Parameter | Appointment Booking Calendar | CWE-862 | 5.3 | Medium | 2025-11-22 |
| CVE-2025-64369 | WordPress Contact Form Email plugin <= 1.3.58 - Broken Access Control vulnerability | Contact Form Email | CWE-862 | 6.5 | Medium | 2025-11-13 |
| CVE-2025-64261 | WordPress Appointment Booking Calendar plugin <= 1.3.95 - Broken Access Control vulnerability | Appointment Booking Calendar | CWE-862 | 5.4 | Medium | 2025-11-13 |
| CVE-2025-58009 | WordPress CP Multi View Event Calendar plugin <= 1.4.35 - Broken Access Control vulnerability | CP Multi View Event Calendar | CWE-862 | 3.8 | Low | 2025-09-22 |
| CVE-2025-48231 | WordPress Booking Calendar Contact Form plugin <= 1.2.58 - Cross Site Scripting (XSS) Vulnerability | Booking Calendar Contact Form | CWE-79 | 6.5 | Medium | 2025-07-04 |
| CVE-2025-50025 | WordPress CP Polls plugin <= 1.0.81 - Cross Site Scripting (XSS) vulnerability | CP Polls | CWE-79 | 5.9 | Medium | 2025-06-20 |
| CVE-2025-49332 | WordPress WP Time Slots Booking Form plugin <= 1.2.30 - Cross Site Request Forgery (CSRF) Vulnerability | WP Time Slots Booking Form | CWE-352 | 4.3 | Medium | 2025-06-06 |
| CVE-2025-49291 | WordPress Calculated Fields Form plugin <= 5.3.58 - Cross Site Request Forgery (CSRF) Vulnerability | Calculated Fields Form | CWE-352 | 4.3 | Medium | 2025-06-06 |
| CVE-2025-47472 | WordPress Music Player for WooCommerce plugin <= 1.5.1 - Broken Access Control Vulnerability | Music Player for WooCommerce | CWE-862 | 5.4 | Medium | 2025-05-07 |
| CVE-2025-46247 | WordPress Appointment Booking Calendar plugin <= 1.3.92 - Broken Access Control Vulnerability | Appointment Booking Calendar | CWE-862 | 5.3 | Medium | 2025-04-22 |
| CVE-2025-46241 | WordPress Appointment Booking Calendar plugin <= 1.3.92 - CSRF to SQL Injection vulnerability | Appointment Booking Calendar | CWE-352 | 8.2 | High | 2025-04-22 |
| CVE-2025-39562 | WordPress Payment Form for PayPal Pro plugin <= 1.1.72 - Cross Site Scripting (XSS) Vulnerability | Payment Form for PayPal Pro | CWE-79 | 5.9 | Medium | 2025-04-17 |
| CVE-2024-13758 | CP Contact Form with PayPal <= 1.3.52 - Cross-Site Request Forgery | CP Contact Form with PayPal | CWE-352 | 6.5 | Medium | 2025-01-30 |
| CVE-2025-24626 | WordPress Music Store – WordPress eCommerce Plugin <= 1.1.19 - Reflected Cross Site Scripting (XSS) vulnerability | Music Store | CWE-79 | 7.1 | High | 2025-01-27 |
| CVE-2025-24723 | WordPress Booking Calendar Contact Form Plugin <= 1.2.55 - Stored Cross Site Scripting (XSS) vulnerability | Booking Calendar Contact Form | CWE-79 | 5.9 | Medium | 2025-01-24 |
| CVE-2025-24727 | WordPress Contact Form to Email Plugin <= 1.3.52 - Cross Site Scripting (XSS) vulnerability | Contact Form Email | CWE-79 | 5.9 | Medium | 2025-01-24 |

This page lists every published CVE security advisory associated with CodePeople. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.