Latepoint

Latepoint

9 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
8.2

CVE-2025-7038

  • EPSS 0.41%
  • Veröffentlicht 30.09.2025 11:37:43
  • Zuletzt bearbeitet 02.10.2025 19:12:42

The LatePoint plugin for WordPress is vulnerable to Authentication Bypass due to insufficient identity verification within the steps__load_step route of the latepoint_route_call AJAX endpoint in all versions up to, and including, 5.1.94. The endpoint...

8.8

CVE-2025-7052

  • EPSS 0.02%
  • Veröffentlicht 30.09.2025 11:37:43
  • Zuletzt bearbeitet 02.10.2025 19:12:42

The LatePoint plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.1.94. This is due to missing nonce validation on the change_password() function of its customer_cabinet__change_password AJAX route...

5.5

CVE-2025-6815

  • EPSS 0.02%
  • Veröffentlicht 30.09.2025 11:37:42
  • Zuletzt bearbeitet 02.10.2025 19:12:42

The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘service[name]’ parameter in all versions up to, and including, 5.1.94 due to insufficient input sanitizatio...

6.5

CVE-2025-30836

  • EPSS 0.14%
  • Veröffentlicht 27.03.2025 10:55:21
  • Zuletzt bearbeitet 27.03.2025 16:45:12

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LatePoint LatePoint allows Stored XSS. This issue affects LatePoint: from n/a through 5.1.6.

8.8

CVE-2024-43945

  • EPSS 0.17%
  • Veröffentlicht 21.10.2024 11:15:02
  • Zuletzt bearbeitet 24.10.2024 13:45:42

Cross-Site Request Forgery (CSRF) vulnerability in Latepoint LatePoint allows Cross Site Request Forgery.This issue affects LatePoint: from n/a through 4.9.91.

9.8

CVE-2024-8911

  • EPSS 30.92%
  • Veröffentlicht 08.10.2024 09:15:19
  • Zuletzt bearbeitet 20.02.2025 15:30:18

The LatePoint plugin for WordPress is vulnerable to Arbitrary User Password Change via SQL Injection in versions up to, and including, 5.0.11. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on t...

9.8

CVE-2024-8943

  • EPSS 40.06%
  • Veröffentlicht 08.10.2024 09:15:19
  • Zuletzt bearbeitet 20.02.2025 15:30:59

The LatePoint plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 5.0.12. This is due to insufficient verification on the user being supplied during the booking customer step. This makes it possible for unau...

5.4

CVE-2024-43992

  • EPSS 0.21%
  • Veröffentlicht 18.09.2024 00:15:08
  • Zuletzt bearbeitet 25.09.2024 13:47:17

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Latepoint LatePoint allows Stored XSS.This issue affects LatePoint: from n/a through 4.9.91.

9.1

CVE-2024-2472

  • EPSS 1.76%
  • Veröffentlicht 14.06.2024 10:15:09
  • Zuletzt bearbeitet 20.02.2025 15:28:10

The LatePoint Plugin plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on the 'start_or_use_session_for_customer' function in all versions up to and including 4.9.9. This make...