Lucene search
K

171 matches found

CVE
CVE
added 2026/02/12 2:23 a.m.20 views

CVE-2026-1537

CVE-2026-1537 pertains to the WordPress plugin LatePoint – Calendar Booking Plugin for Appointments and Events. The vulnerability is an missing authorization to booking details exposure in all versions up to and including 5.2.6, enabling unauthenticated attackers to view sensitive booking data (c...

5.3CVSS5.5AI score0.00244EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/02/12 12:0 a.m.11 views

WordPress plugin LatePoint 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

5.3CVSS5.8AI score0.00244EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/02/04 1:20 p.m.5 views

CVE-2026-0617

The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the customer profile fields in all versions up to, and including, 5.2.5 due to insufficient input sanitization and output escaping. This makes it possible for...

7.2CVSS5.6AI score0.00363EPSS
Exploits0References1
NVD
NVD
added 2026/02/03 7:16 a.m.8 views

CVE-2026-0617

The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the customer profile fields in all versions up to, and including, 5.2.5 due to insufficient input sanitization and output escaping. This makes it possible for...

7.2CVSS0.00363EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/02/03 6:38 a.m.3 views

CVE-2026-0617

The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the customer profile fields in all versions up to, and including, 5.2.5 due to insufficient input sanitization and output escaping. This makes it possible for...

7.2CVSS5.6AI score0.00363EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/02/03 6:38 a.m.3 views

CVE-2026-0617 LatePoint – Calendar Booking Plugin for Appointments and Events <= 5.2.5 - Unauthenticated Stored Cross-Site Scripting

The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the customer profile fields in all versions up to, and including, 5.2.5 due to insufficient input sanitization and output escaping. This makes it possible for...

7.2CVSS5.6AI score0.00363EPSS
Exploits0References5
EUVD
EUVD
added 2026/02/03 6:38 a.m.7 views

EUVD-2026-5287

The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the customer profile fields in all versions up to, and including, 5.2.5 due to insufficient input sanitization and output escaping. This makes it possible for...

7.2CVSS5.6AI score0.00363EPSS
Exploits0References5
CVE
CVE
added 2026/02/03 6:38 a.m.9 views

CVE-2026-0617

The CVE concerns the LatePoint – Calendar Booking Plugin for Appointments and Events (WordPress). A stored XSS vulnerability exists in customer profile fields across all versions up to 5.2.5 due to insufficient input sanitization and output escaping, enabling unauthenticated attackers to inject s...

7.2CVSS5.6AI score0.00363EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/02/03 12:0 a.m.12 views

PT-2026-6012

Name of the Vulnerable Software and Affected Versions LatePoint – Calendar Booking Plugin for Appointments and Events versions prior to 5.2.6 Description The LatePoint – Calendar Booking Plugin for Appointments and Events for WordPress is susceptible to Stored Cross-Site Scripting. This is due to...

7.2CVSS5.8AI score0.00363EPSS
Exploits0References8
CNNVD
CNNVD
added 2026/02/03 12:0 a.m.9 views

WordPress plugin LatePoint 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

7.2CVSS5.8AI score0.00363EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2024-27421

Malicious code in bioql PyPI...

9.1CVSS6.5AI score0.00623EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2024-49500

Malicious code in bioql PyPI...

9.8CVSS6.4AI score0.02994EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-24546

Malicious code in bioql PyPI...

9.8CVSS6.4AI score0.0053EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2025-31705

Malicious code in bioql PyPI...

5.5CVSS6.6AI score0.0024EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2024-49475

Malicious code in bioql PyPI...

9.8CVSS6.4AI score0.02823EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-31703

Malicious code in bioql PyPI...

8.2CVSS6.6AI score0.00385EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2025/10/01 5:26 a.m.6 views

CVE-2025-6941

The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' parameter of the 'latepointresources' shortcode in all versions up to, and including, 5.1.94 due to insufficient input sanitization and output escapin...

6.4CVSS5AI score0.00231EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/10/01 5:26 a.m.14 views

CVE-2025-6815

The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘servicename’ parameter in all versions up to, and including, 5.1.94 due to insufficient input sanitization and output escaping. This makes it possible for...

5.5CVSS5AI score0.0024EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/10/01 5:26 a.m.17 views

CVE-2025-7038

The LatePoint plugin for WordPress is vulnerable to Authentication Bypass due to insufficient identity verification within the stepsloadstep route of the latepointroutecall AJAX endpoint in all versions up to, and including, 5.1.94. The endpoint reads the client-supplied customer email and relate...

8.2CVSS5.9AI score0.00385EPSS
Exploits0References1
NVD
NVD
added 2025/09/30 11:37 a.m.5 views

CVE-2025-7038

The LatePoint plugin for WordPress is vulnerable to Authentication Bypass due to insufficient identity verification within the stepsloadstep route of the latepointroutecall AJAX endpoint in all versions up to, and including, 5.1.94. The endpoint reads the client-supplied customer email and relate...

8.2CVSS0.00385EPSS
Exploits0References5
Rows per page
Query Builder