Lucene search
K

167 matches found

NVD
NVD
added 2026/05/06 8:16 a.m.24 views

CVE-2026-7332

The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'bookingformpageurl' parameter in all versions up to, and including, 5.5.0 due to insufficient input sanitization and output escaping. This makes it possib...

7.2CVSS0.0045EPSS
Exploits0References11
NVD
NVD
added 2026/05/06 8:16 a.m.32 views

CVE-2026-7457

The LatePoint plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to and including 5.5.0. This is due to insufficient input sanitization on the customer cabinet profile update endpoint — where raw POST parameters firstname, lastname, phone, notes bypass sanitizati...

6.4CVSS0.00339EPSS
Exploits0References11
EUVD
EUVD
added 2026/05/06 6:47 a.m.7 views

EUVD-2026-27544

The LatePoint plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to and including 5.5.0. This is due to insufficient input sanitization on the customer cabinet profile update endpoint — where raw POST parameters firstname, lastname, phone, notes bypass sanitizati...

6.4CVSS6AI score0.00339EPSS
Exploits0References11
EUVD
EUVD
added 2026/05/06 6:47 a.m.14 views

EUVD-2026-27540

The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'bookingformpageurl' parameter in all versions up to, and including, 5.5.0 due to insufficient input sanitization and output escaping. This makes it possib...

7.2CVSS6AI score0.0045EPSS
Exploits0References11
ATTACKERKB
ATTACKERKB
added 2026/05/06 6:47 a.m.8 views

CVE-2026-7448

The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'firstname' parameter in all versions up to, and including, 5.5.0 due to insufficient input sanitization and output escaping. This makes it possible for...

7.2CVSS6AI score0.00122EPSS
Exploits0References15
Vulnrichment
Vulnrichment
added 2026/05/06 6:47 a.m.7 views

CVE-2026-7448

...

5.8AI score0.00122EPSS
Exploits0
ATTACKERKB
ATTACKERKB
added 2026/05/06 6:47 a.m.5 views

CVE-2026-7457

The LatePoint plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to and including 5.5.0. This is due to insufficient input sanitization on the customer cabinet profile update endpoint — where raw POST parameters firstname, lastname, phone, notes bypass sanitizati...

6.4CVSS6AI score0.00339EPSS
Exploits0References12
CVE
CVE
added 2026/05/06 6:47 a.m.13 views

CVE-2026-7332

The CVE affects the LatePoint WordPress plugin (Calendar Booking Plugin for Appointments and Events), up to version 5.5.0. The root cause is insufficient input sanitization and output escaping for the booking_form_page_url parameter, enabling unauthenticated stored XSS. Impact stated: arbitrary s...

7.2CVSS6AI score0.0045EPSS
Exploits0References11
CVE
CVE
added 2026/05/06 6:47 a.m.17 views

CVE-2026-7448

The CVE-2026-7448 entry corresponds to a Stored Cross-Site Scripting (XSS) vulnerability in the WordPress LatePoint Calendar Booking Plugin for Appointments and Events (versions up to 5.5.0). The underlying issue is insufficient input sanitization and output escaping on the first_name parameter, ...

6AI score0.00122EPSS
Exploits0
Vulnrichment
Vulnrichment
added 2026/05/06 6:47 a.m.9 views

CVE-2026-7332 LatePoint <= 5.5.0 - Unauthenticated Stored Cross-Site Scripting via 'booking_form_page_url' Parameter

The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'bookingformpageurl' parameter in all versions up to, and including, 5.5.0 due to insufficient input sanitization and output escaping. This makes it possib...

7.2CVSS6AI score0.0045EPSS
Exploits0References11
EUVD
EUVD
added 2026/05/06 6:47 a.m.7 views

EUVD-2026-27542

The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'firstname' parameter in all versions up to, and including, 5.5.0 due to insufficient input sanitization and output escaping. This makes it possible for...

7.2CVSS6AI score0.00122EPSS
Exploits0References14
Cvelist
Cvelist
added 2026/05/06 6:47 a.m.34 views

CVE-2026-7448

...

0.00122EPSS
Exploits0
ATTACKERKB
ATTACKERKB
added 2026/05/06 6:47 a.m.4 views

CVE-2026-7332

The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'bookingformpageurl' parameter in all versions up to, and including, 5.5.0 due to insufficient input sanitization and output escaping. This makes it possib...

7.2CVSS6AI score0.0045EPSS
Exploits0References12
CVE
CVE
added 2026/05/06 6:47 a.m.23 views

CVE-2026-7457

The CVE-2026-7457 entry concerns the WordPress LatePoint plugin (versions up to 5.5.0). The root cause is insufficient input sanitization on the customer cabinet profile update endpoint: raw POST fields (first_name, last_name, phone, notes) bypass sanitization because OsCustomerModel does not ove...

6.4CVSS6AI score0.00339EPSS
Exploits0References11
Cvelist
Cvelist
added 2026/05/06 6:47 a.m.38 views

CVE-2026-7332 LatePoint <= 5.5.0 - Unauthenticated Stored Cross-Site Scripting via 'booking_form_page_url' Parameter

The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'bookingformpageurl' parameter in all versions up to, and including, 5.5.0 due to insufficient input sanitization and output escaping. This makes it possib...

7.2CVSS0.0045EPSS
Exploits0References11
CNNVD
CNNVD
added 2026/05/06 12:0 a.m.11 views

WordPress plugin LatePoint 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

6.4CVSS5.8AI score0.00339EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/06 12:0 a.m.9 views

WordPress plugin LatePoint 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

7.2CVSS5.8AI score0.0045EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/06 12:0 a.m.8 views

PT-2026-37351

The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'booking form page url' parameter in all versions up to, and including, 5.5.0 due to insufficient input sanitization and output escaping. This makes it...

7.2CVSS6AI score0.0045EPSS
Exploits0References12
Positive Technologies
Positive Technologies
added 2026/05/06 12:0 a.m.8 views

PT-2026-37352

The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'first name' parameter in all versions up to, and including, 5.5.0 due to insufficient input sanitization and output escaping. This makes it possible for...

7.2CVSS6AI score0.00122EPSS
Exploits0References15
NVD
NVD
added 2026/04/27 8:16 p.m.6 views

CVE-2026-6741

The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Privilege Escalation in versions up to and including 5.4.1. This is due to a missing authorization check in the execute method of the connect-customer-to-wp-user ability, which only requires...

8.8CVSS0.00293EPSS
Exploits1References6
Rows per page
Query Builder