Filtered by vendor Codepeople Subscriptions
Filtered by product Booking Calendar Contact Form Subscriptions
Total 6 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2025-13318 2 Codepeople, Wordpress 2 Booking Calendar Contact Form, Wordpress 2025-11-24 5.3 Medium
The Booking Calendar Contact Form plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.2.60. This is due to missing authorization checks and payment verification in the `dex_bccf_check_IPN_verification` function. This makes it possible for unauthenticated attackers to arbitrarily confirm bookings and bypass payment requirements via the 'dex_bccf_ipn' parameter.
CVE-2025-48231 2 Codepeople, Wordpress 2 Booking Calendar Contact Form, Wordpress 2025-07-14 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in codepeople Booking Calendar Contact Form allows Stored XSS. This issue affects Booking Calendar Contact Form: from n/a through 1.2.58.
CVE-2025-24723 2 Codepeople, Wordpress 2 Booking Calendar Contact Form, Wordpress 2025-07-13 5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CodePeople Booking Calendar Contact Form allows Stored XSS. This issue affects Booking Calendar Contact Form: from n/a through 1.2.55.
CVE-2023-25037 2 Codepeople, Wordpress 2 Booking Calendar Contact Form, Wordpress 2025-07-13 4.3 Medium
Missing Authorization vulnerability in CodePeople Booking Calendar Contact Form allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Booking Calendar Contact Form: from n/a through 1.2.34.
CVE-2016-10909 1 Codepeople 1 Booking Calendar Contact Form 2024-11-21 N/A
The booking-calendar-contact-form plugin before 1.0.24 for WordPress has SQL injection.
CVE-2016-10908 1 Codepeople 1 Booking Calendar Contact Form 2024-11-21 N/A
The booking-calendar-contact-form plugin before 1.0.24 for WordPress has XSS.