PT-2026-31082

🗓️ 08 Apr 2026 00:00:00Reported by Positive TechnologiesType

ptsecurity🔗 dbugs.ptsecurity.com👁 1 Views

LatePoint WordPress plugin allows stored cross site scripting via the button caption in the resources shortcode up to version 5.3.0 for authenticated contributors.

Reporter	Title	Published	Views	Family All 8
Circl	CVE-2026-4785	8 Apr 202607:37	–	circl
CNNVD	WordPress plugin LatePoint – Calendar Booking Plugin for Appointments and Events 跨站脚本漏洞	8 Apr 202600:00	–	cnnvd
CVE	CVE-2026-4785	8 Apr 202603:36	–	cve
Cvelist	CVE-2026-4785 LatePoint <= 5.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode	8 Apr 202603:36	–	cvelist
EUVD	EUVD-2026-20048	8 Apr 202606:31	–	euvd
NVD	CVE-2026-4785	8 Apr 202605:16	–	nvd
Patchstack	WordPress LatePoint plugin <= 5.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability	7 Apr 202622:57	–	patchstack
Vulnrichment	CVE-2026-4785 LatePoint <= 5.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode	8 Apr 202603:36	–	vulnrichment

Source	Link
plugins	www.plugins.trac.wordpress.org/changeset/3491516/latepoint
t	www.t.me/CVEtracker/50006
plugins	www.plugins.trac.wordpress.org/browser/latepoint/tags/5.2.10/lib/helpers/shortcodes_helper.php
plugins	www.plugins.trac.wordpress.org/browser/latepoint/trunk/lib/helpers/shortcodes_helper.php
plugins	www.plugins.trac.wordpress.org/browser/latepoint/tags/5.2.10/lib/helpers/shortcodes_helper.php
plugins	www.plugins.trac.wordpress.org/browser/latepoint/trunk/lib/helpers/shortcodes_helper.php
nvd	www.nvd.nist.gov/vuln/detail/CVE-2026-4785
twitter	www.twitter.com/VulmonFeeds/status/2041788526971310206
twitter	www.twitter.com/CVEnew/status/2043561082715795538
wordfence	www.wordfence.com/threat-intel/vulnerabilities/id/55c5c094-69c0-4e2a-be0c-fab6f1039309

13 Apr 2026 00:00Current

5.9Medium risk

Vulners AI Score5.9

CVSS 3.16.4

EPSS0.00015

SSVC