Latepoint

Latepoint

15 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5

CVE-2026-49083

  • EPSS 0.29%
  • Veröffentlicht 15.06.2026 20:19:17
  • Zuletzt bearbeitet 15.06.2026 21:24:32

Contributor Privilege Escalation in LatePoint <= 5.5.1 versions.

4.3

CVE-2026-5365

  • EPSS 0.11%
  • Veröffentlicht 14.05.2026 06:44:11
  • Zuletzt bearbeitet 14.05.2026 14:28:41

The LatePoint plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 5.3.2. This is due to missing nonce verification on the request_cancellation() function. This makes it possible for unauthenticated att...

5.3

CVE-2026-7652

  • EPSS 0.72%
  • Veröffentlicht 09.05.2026 02:25:39
  • Zuletzt bearbeitet 11.05.2026 15:11:48

The LatePoint plugin for WordPress is vulnerable to Account Takeover via Weak Password Recovery Mechanism in the unauthenticated guest booking flow in versions up to, and including, 5.5.0 This is due to the save_connected_wordpress_user() function pr...

6.4

CVE-2026-7457

  • EPSS 0.34%
  • Veröffentlicht 06.05.2026 08:16:04
  • Zuletzt bearbeitet 06.05.2026 13:06:42

The LatePoint plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to and including 5.5.0. This is due to insufficient input sanitization on the customer cabinet profile update endpoint — where raw POST parameters (fir...

5.3

CVE-2026-5234

  • EPSS 0.69%
  • Veröffentlicht 17.04.2026 03:36:44
  • Zuletzt bearbeitet 22.04.2026 20:22:50

The LatePoint plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.3.2. The vulnerability exists because the OsStripeConnectController::create_payment_intent_for_transaction action is register...

6.5

CVE-2026-32533

  • EPSS 0.17%
  • Veröffentlicht 25.03.2026 16:15:09
  • Zuletzt bearbeitet 29.04.2026 10:17:19

Authorization Bypass Through User-Controlled Key vulnerability in LatePoint LatePoint latepoint allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects LatePoint: from n/a through <= 5.2.6.

8.2

CVE-2025-7038

  • EPSS 0.39%
  • Veröffentlicht 30.09.2025 11:37:43
  • Zuletzt bearbeitet 15.04.2026 00:35:42

The LatePoint plugin for WordPress is vulnerable to Authentication Bypass due to insufficient identity verification within the steps__load_step route of the latepoint_route_call AJAX endpoint in all versions up to, and including, 5.1.94. The endpoint...

8.8

CVE-2025-7052

  • EPSS 0.2%
  • Veröffentlicht 30.09.2025 11:37:43
  • Zuletzt bearbeitet 15.04.2026 00:35:42

The LatePoint plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.1.94. This is due to missing nonce validation on the change_password() function of its customer_cabinet__change_password AJAX route...

5.5

CVE-2025-6815

  • EPSS 0.24%
  • Veröffentlicht 30.09.2025 11:37:42
  • Zuletzt bearbeitet 15.04.2026 00:35:42

The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘service[name]’ parameter in all versions up to, and including, 5.1.94 due to insufficient input sanitizatio...

6.5

CVE-2025-30836

  • EPSS 0.31%
  • Veröffentlicht 27.03.2025 10:55:21
  • Zuletzt bearbeitet 23.04.2026 15:27:09

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LatePoint LatePoint latepoint allows Stored XSS.This issue affects LatePoint: from n/a through <= 5.1.6.