
CodePeople — Vulnerabilities & Security Advisories (70)

Browse all 70 CVE security advisories affecting CodePeople. AI-powered Chinese analysis, POCs, and references for each vulnerability.

CodePeople operates as a provider of enterprise software solutions, primarily focusing on human resources and payroll management systems. Historical security audits reveal a significant volume of vulnerabilities, with seventy CVEs currently on record, indicating persistent weaknesses in their development lifecycle. The most prevalent flaw classes include remote code execution and cross-site scripting, which often stem from inadequate input validation and improper session management. Additionally, privilege escalation vulnerabilities have been frequently exploited, allowing unauthorized users to access sensitive administrative functions. These issues suggest a lack of rigorous security testing during the software development phase. While no single catastrophic data breach has been widely publicized as a direct result of these specific CVEs, the high count of critical and high-severity findings poses a substantial risk to client data integrity. Organizations relying on these platforms must prioritize patching and implement strict access controls to mitigate the identified risks effectively.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2025-24672 | WordPress Form Builder CP Plugin <= 1.2.41 - SQL Injection vulnerability | Form Builder CP | CWE-89 | 8.5 | High | 2025-01-24 |
| CVE-2024-13680 | Form Builder CP <= 1.2.41 - Authenticated (Contributor+) SQL Injection | Form Builder CP | CWE-89 | 6.5 | Medium | 2025-01-24 |
| CVE-2023-45649 | WordPress Appointment Hour Booking plugin <= 1.4.23 - Broken Access Control vulnerability | Appointment Hour Booking | CWE-862 | 5.3 | Medium | 2025-01-02 |
| CVE-2024-12601 | Calculated Fields Form <= 5.2.63 - Denial of Service | Calculated Fields Form | CWE-400 | 5.3 | Medium | 2024-12-17 |
| CVE-2023-23814 | WordPress Calendar Event Multi View plugin <= 1.4.13 - Broken Access Control vulnerability | CP Multi View Event Calendar | CWE-862 | 3.8 | Low | 2024-12-09 |
| CVE-2023-23895 | WordPress WP Time Slots Booking Form plugin <= 1.1.82 - Broken Access Control vulnerability | WP Time Slots Booking Form | CWE-862 | 4.7 | Medium | 2024-12-09 |
| CVE-2023-25037 | WordPress Booking Calendar Contact Form plugin <= 1.2.34 - Broken Access Control vulnerability | Booking Calendar Contact Form | CWE-862 | 4.3 | Medium | 2024-12-09 |
| CVE-2024-9940 | Calculated Fields Form <= 5.2.45 - HTML Injection | Calculated Fields Form | CWE-75 | 5.3 | Medium | 2024-10-17 |
| CVE-2024-47297 | WordPress Polls CP plugin <= 1.0.74 - Reflected Cross Site Scripting (XSS) vulnerability | CP Polls | CWE-79 | 7.1 | High | 2024-10-06 |
| CVE-2024-35735 | WordPress WP Time Slots Booking Form plugin <= 1.2.11 - Broken Access Control vulnerability | WP Time Slots Booking Form | CWE-862 | 5.3 | Medium | 2024-06-10 |
| CVE-2024-33543 | WordPress WP Time Slots Booking Form plugin <= 1.2.06 - Broken Access Control vulnerability | WP Time Slots Booking Form | CWE-862 | 7.5 | High | 2024-06-09 |
| CVE-2024-35734 | WordPress WP Time Slots Booking Form plugin <= 1.2.10 - Cross Site Scripting (XSS) vulnerability | WP Time Slots Booking Form | CWE-79 | 7.1 | High | 2024-06-08 |
| CVE-2024-36082 | WordPress plugin Music Store security vulnerability | Music Store - WordPress eCommerce | | 7.2 | - | 2024-06-07 |
| CVE-2023-48318 | WordPress Contact Form Email plugin <= 1.3.41 - Captcha Bypass vulnerability | Contact Form Email | CWE-307 | 5.3 | Medium | 2024-06-04 |
| CVE-2023-28494 | WordPress Contact Form Email plugin <= 1.3.31 - Missing Authorization Leading To Feedback Submission Vulnerability | Contact Form Email | CWE-862 | 4.3 | Medium | 2024-06-04 |
| CVE-2023-28492 | WordPress Calendar Event Multi View plugin <= 1.4.10 - Missing Authorization Leading To Feedback Submission vulnerability | CP Multi View Event Calendar | CWE-862 | 4.3 | Medium | 2024-06-03 |
| CVE-2023-26523 | WordPress Calculated Fields Form plugin <= 1.1.120 - Missing Authorization Leading To Feedback Submission Vulnerability | Calculated Fields Form | CWE-862 | 4.3 | Medium | 2024-06-03 |
| CVE-2023-26521 | WordPress Search in Place plugin <= 1.0.104 - Missing Authorization Leading To Feedback Submission vulnerability | Search in Place | CWE-862 | 4.3 | Medium | 2024-06-03 |
| CVE-2024-32720 | WordPress Appointment Hour Booking plugin <= 1.4.56 - Captcha Bypass vulnerability | Appointment Hour Booking | CWE-307 | 5.3 | Medium | 2024-05-17 |
| CVE-2024-24873 | WordPress Polls CP plugin <= 1.0.71 - Polls Limitation Bypass vulnerability | CP Polls | CWE-799 | 5.3 | Medium | 2024-05-17 |
| CVE-2024-24874 | WordPress Polls CP plugin <= 1.0.71 - Content Injection vulnerability | CP Polls | CWE-80 | 5.3 | Medium | 2024-05-17 |
| CVE-2024-31941 | WordPress CP Media Player plugin <= 1.1.3 - Cross Site Request Forgery (CSRF) vulnerability | CP Media Player | CWE-352 | 5.4 | Medium | 2024-04-15 |
| CVE-2024-31302 | WordPress Contact Form Email plugin <= 1.3.44 - Sensitive Data Exposure vulnerability | Contact Form Email | CWE-200 | 5.3 | Medium | 2024-04-10 |
| CVE-2024-29759 | WordPress Calculated Fields Form plugin <= 1.2.54 - Reflected Cross Site Scripting (XSS) vulnerability | Calculated Fields Form | CWE-79 | 7.1 | High | 2024-03-27 |
| CVE-2023-25039 | WordPress Google Maps CP plugin <= 1.0.43 - Missing Authorization Leading To Feedback Submission Vulnerability | Google Maps CP | CWE-862 | 4.3 | Medium | 2024-03-25 |
| CVE-2024-2020 | Calculated Fields Form Professional <= 5.1.56 - Unauthenticated Stored Cross-Site Scripting | Calculated Fields Form | CWE-79 | 7.2 | High | 2024-03-13 |
| CVE-2024-0963 | Calculated Fields Form <= 1.2.52 - Authenticated (Contributor+) Stored Cross-Site Scripting | Calculated Fields Form | CWE-79 | 6.4 | Medium | 2024-02-02 |
| CVE-2022-41790 | WordPress WP Time Slots Booking Form Plugin <= 1.1.76 is vulnerable to Broken Access Control | WP Time Slots Booking Form | CWE-862 | 4.3 | Medium | 2024-01-17 |
| CVE-2023-6446 | Calculated Fields Form <= 1.2.40 - Authenticated (Admin+) Stored Cross-Site Scripting | Calculated Fields Form | CWE-87 | 4.4 | Medium | 2024-01-11 |
| CVE-2023-51517 | WordPress Calculated Fields Form Plugin <= 1.2.28 is vulnerable to Open Redirection | Calculated Fields Form | CWE-601 | 4.1 | Medium | 2023-12-29 |

This page lists every published CVE security advisory associated with CodePeople. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.