Shodan
Vulnerabilities
Vulnerable Software
Codepeople:  Security Vulnerabilities
CVE-2021-42361
The Contact Form Email WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and escaping via the name parameter found in the ~/trunk/cp-admin-int-list.inc.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 1.3.24. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled.
CVSS Score
4.8
EPSS Score
0.003
Published
2021-11-17
CVE-2020-9371
Stored XSS exists in the Appointment Booking Calendar plugin before 1.3.35 for WordPress. In the cpabc_appointments.php file, the Calendar Name input could allow attackers to inject arbitrary JavaScript or HTML.
CVSS Score
4.8
EPSS Score
0.007
Published
2020-03-04
CVE-2020-9372
The Appointment Booking Calendar plugin before 1.3.35 for WordPress allows user input (in fields such as Description or Name) in any booking form to be any formula, which then could be exported via the Bookings list tab in /wp-admin/admin.php?page=cpabc_appointments.php. The attacker could achieve remote code execution via CSV injection.
CVSS Score
7.8
EPSS Score
0.193
Published
2020-03-04
CVE-2020-7228
The Calculated Fields Form plugin through 1.0.353 for WordPress suffers from multiple Stored XSS vulnerabilities present in the input forms. These can be exploited by an authenticated user.
CVSS Score
5.4
EPSS Score
0.006
Published
2020-01-22
CVE-2016-10992
The music-store plugin before 1.0.43 for WordPress has XSS via the wp-admin/admin.php?page=music-store-menu-reports from_year parameter.
CVSS Score
6.1
EPSS Score
0.003
Published
2019-09-17
CVE-2015-9348
The sell-downloads plugin before 1.0.8 for WordPress has insufficient restrictions on brute-force guessing of purchase IDs.
CVSS Score
7.5
EPSS Score
0.006
Published
2019-08-27
CVE-2014-10395
The cp-polls plugin before 1.0.1 for WordPress has XSS in the votes list.
CVSS Score
6.1
EPSS Score
0.002
Published
2019-08-27
CVE-2015-9346
The cp-polls plugin before 1.0.5 for WordPress has XSS.
CVSS Score
6.1
EPSS Score
0.002
Published
2019-08-27
CVE-2016-10916
The appointment-booking-calendar plugin before 1.1.24 for WordPress has SQL injection, a different vulnerability than CVE-2015-7319.
CVSS Score
9.8
EPSS Score
0.005
Published
2019-08-22
CVE-2016-10908
The booking-calendar-contact-form plugin before 1.0.24 for WordPress has XSS.
CVSS Score
6.1
EPSS Score
0.002
Published
2019-08-21


Products
Pricing
Contact Us

Shodan ® - All rights reserved