CodePeople — Vulnerabilities & Security Advisories 70

Browse all 70 CVE security advisories affecting CodePeople. AI-powered Chinese analysis, POCs, and references for each vulnerability.

CodePeople operates as a provider of enterprise software solutions, primarily focusing on human resources and payroll management systems. Historical security audits reveal a significant volume of vulnerabilities, with seventy CVEs currently on record, indicating persistent weaknesses in their development lifecycle. The most prevalent flaw classes include remote code execution and cross-site scripting, which often stem from inadequate input validation and improper session management. Additionally, privilege escalation vulnerabilities have been frequently exploited, allowing unauthorized users to access sensitive administrative functions. These issues suggest a lack of rigorous security testing during the software development phase. While no single catastrophic data breach has been widely publicized as a direct result of these specific CVEs, the high count of critical and high-severity findings poses a substantial risk to client data integrity. Organizations relying on these platforms must prioritize patching and implement strict access controls to mitigate the identified risks effectively.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2023-41732 | WordPress CP Blocks Plugin <= 1.0.20 is vulnerable to Cross Site Request Forgery (CSRF) | CP Blocks | CWE-352 | 5.4 | Medium | 2023-10-06 |
| CVE-2023-36384 | WordPress Booking Calendar Contact Form Plugin <= 1.2.40 is vulnerable to Cross Site Scripting (XSS) | Booking Calendar Contact Form | CWE-79 | 7.1 | High | 2023-07-18 |
| CVE-2023-23971 | WordPress WP Time Slots Booking Form Plugin <= 1.1.81 is vulnerable to Cross Site Scripting (XSS) | WP Time Slots Booking Form | CWE-79 | 5.9 | Medium | 2023-04-06 |
| CVE-2014-125091 | codepeople cp-polls Plugin cp-admin-int-message-list.inc.php sql injection | cp-polls Plugin | CWE-89 | 4.7 | Medium | 2023-03-04 |
| CVE-2022-3427 | Corner Ad <= 1.0.56 - Cross-Site Request Forgery | Corner Ad | CWE-352 | 8.8 | High | 2022-12-15 |
| CVE-2022-4036 | Appointment Hour Booking <= 1.3.72 - CAPTCHA Bypass | Appointment Hour Booking – Booking Calendar | CWE-804 | 5.3 | Medium | 2022-11-29 |
| CVE-2022-4035 | Appointment Hour Booking <= 1.3.72 - Unauthenticated iFrame Injection via Appointment Form | Appointment Hour Booking – Booking Calendar | CWE-79 | 7.2 | High | 2022-11-29 |
| CVE-2022-4034 | Appointment Hour Booking <= 1.3.72 - CSV Injection | Appointment Hour Booking – Booking Calendar | CWE-1236 | 5.8 | Medium | 2022-11-29 |
| CVE-2022-43482 | WordPress Appointment Booking Calendar plugin <= 1.3.69 - Missing Authorization vulnerability | Appointment Booking Calendar (WordPress plugin) | CWE-862 | 4.3 | Medium | 2022-11-18 |
| CVE-2022-41692 | WordPress Appointment Hour Booking plugin <= 1.3.71 - Missing Authorization vulnerability | Appointment Hour Booking (WordPress plugin) | CWE-862 | 4.3 | Medium | 2022-11-18 |

This page lists every published CVE security advisory associated with CodePeople. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.