Browse all 70 CVE security advisories affecting CodePeople. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Codepeople operates as a provider of enterprise software solutions, primarily focusing on human resources and payroll management systems. Historical security audits reveal a significant volume of vulnerabilities, with seventy CVEs currently on record, indicating persistent weaknesses in their development lifecycle. The most prevalent flaw classes include remote code execution and cross-site scripting, which often stem from inadequate input validation and improper session management. Additionally, privilege escalation vulnerabilities have been frequently exploited, allowing unauthorized users to access sensitive administrative functions. These issues suggest a lack of rigorous security testing during the software development phase. While no single catastrophic data breach has been widely publicized as a direct result of these specific CVEs, the high count of critical and high-severity findings poses a substantial risk to client data integrity. Organizations relying on these platforms must prioritize patching and implement strict access controls to mitigate the identified risks effectively.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-24672 | WordPress Form Builder CP Plugin <= 1.2.41 - SQL Injection vulnerability — Form Builder CPCWE-89 | 8.5 | High | 2025-01-24 |
| CVE-2024-13680 | Form Builder CP <= 1.2.41 - Authenticated (Contributor+) SQL Injection — Form Builder CPCWE-89 | 6.5 | Medium | 2025-01-24 |
This page lists every published CVE security advisory associated with CodePeople. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.