Lucene search
K

169 matches found

CVE
CVE
added 2026/03/11 1:22 a.m.18 views

CVE-2026-2324

CVE-2026-2324 affects the LatePoint – Calendar Booking Plugin for Appointments and Events (WordPress). Up to version 5.2.7 is vulnerable due to missing/incorrect nonce validation in the reload_preview() function, enabling unauthenticated attackers to update settings and inject malicious scripts v...

6.1CVSS5.6AI score0.00095EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/03/11 12:0 a.m.9 views

PT-2026-24547

The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.2.7. This is due to missing or incorrect nonce validation on the reload preview function. This makes it possible for...

6.1CVSS5.6AI score0.00095EPSS
Exploits0References3
Patchstack
Patchstack
added 2026/03/05 9:57 a.m.5 views

WordPress LatePoint plugin <= 5.2.7 - Authenticated (Agent+) Privilege Escalation vulnerability

Authenticated Agent+ Privilege Escalation vulnerability discovered by Nguyen Ba Hung bashu - KCSC in WordPress Plugin LatePoint versions = 5.2.7...

8.8CVSS5.9AI score0.003EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2026/03/04 1:56 a.m.6 views

CVE-2026-1487

The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to SQL Injection via the JSON Import in all versions up to, and including, 5.2.7 due to insufficient validation on the user-supplied JSON data. This makes it possible for authenticated attackers...

6.5CVSS6.2AI score0.00322EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/03 1:21 a.m.4 views

CVE-2026-1487 LatePoint <= 5.2.7 - Authenticated (Administrator+) SQL Injection via JSON Import

The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to SQL Injection via the JSON Import in all versions up to, and including, 5.2.7 due to insufficient validation on the user-supplied JSON data. This makes it possible for authenticated attackers...

6.5CVSS6.2AI score0.00322EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/03/03 1:21 a.m.28 views

CVE-2026-1487 LatePoint <= 5.2.7 - Authenticated (Administrator+) SQL Injection via JSON Import

The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to SQL Injection via the JSON Import in all versions up to, and including, 5.2.7 due to insufficient validation on the user-supplied JSON data. This makes it possible for authenticated attackers...

6.5CVSS0.00322EPSS
Exploits0References2
NVD
NVD
added 2026/03/03 12:15 a.m.13 views

CVE-2026-1566

The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to privilege escalation via password reset in all versions up to, and including, 5.2.7. This is due to the plugin allowing users with a LatePoint Agent role, who are creating new customers to se...

8.8CVSS0.003EPSS
Exploits0References2
Patchstack
Patchstack
added 2026/03/02 11:27 p.m.7 views

WordPress LatePoint plugin <= 5.2.7 - Authenticated (Administrator+) SQL Injection via JSON Import vulnerability

Authenticated Administrator+ SQL Injection via JSON Import vulnerability discovered by Chiao-Lin Yu Steven Meow - Trend Micro in WordPress Plugin LatePoint versions = 5.2.7...

6.5CVSS6AI score0.00322EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/03/02 11:22 p.m.23 views

CVE-2026-1566 LatePoint <= 5.2.7 - Authenticated (Agent+) Privilege Escalation

The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to privilege escalation via password reset in all versions up to, and including, 5.2.7. This is due to the plugin allowing users with a LatePoint Agent role, who are creating new customers to se...

8.8CVSS0.003EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/02/15 7:10 a.m.10 views

CVE-2025-14873

The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.2.5. This is due to the 'callbyroutename' function in the routing layer only validating user capabilities without enforcing...

4.3CVSS5.3AI score0.00143EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/02/14 6:42 a.m.4 views

CVE-2025-14873 LatePoint – Calendar Booking Plugin for Appointments and Events <= 5.2.5 - Cross-Site Request Forgery

The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.2.5. This is due to the 'callbyroutename' function in the routing layer only validating user capabilities without enforcing...

4.3CVSS5.4AI score0.00143EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/02/14 6:42 a.m.5 views

CVE-2025-14873

The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.2.5. This is due to the 'callbyroutename' function in the routing layer only validating user capabilities without enforcing...

4.3CVSS5.3AI score0.00143EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/02/14 6:42 a.m.30 views

CVE-2025-14873 LatePoint – Calendar Booking Plugin for Appointments and Events <= 5.2.5 - Cross-Site Request Forgery

The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.2.5. This is due to the 'callbyroutename' function in the routing layer only validating user capabilities without enforcing...

4.3CVSS0.00143EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/02/14 12:0 a.m.7 views

WordPress plugin LatePoint 跨站请求伪造漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

4.3CVSS5.8AI score0.00143EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/02/13 7:21 a.m.7 views

CVE-2026-1537

The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the loadstep function in all versions up to, and including, 5.2.6. This makes it possible for unauthenticated attackers to vie...

5.3CVSS5.5AI score0.00244EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/02/12 2:23 a.m.3 views

CVE-2026-1537

The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the loadstep function in all versions up to, and including, 5.2.6. This makes it possible for unauthenticated attackers to vie...

5.3CVSS5.5AI score0.00244EPSS
Exploits0References4
CVE
CVE
added 2026/02/12 2:23 a.m.18 views

CVE-2026-1537

CVE-2026-1537 pertains to the WordPress plugin LatePoint – Calendar Booking Plugin for Appointments and Events. The vulnerability is an missing authorization to booking details exposure in all versions up to and including 5.2.6, enabling unauthenticated attackers to view sensitive booking data (c...

5.3CVSS5.5AI score0.00244EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/02/12 2:23 a.m.5 views

CVE-2026-1537 LatePoint – Calendar Booking Plugin for Appointments and Events <= 5.2.6 - Missing Authorization to Booking Details Exposure

The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the loadstep function in all versions up to, and including, 5.2.6. This makes it possible for unauthenticated attackers to vie...

5.3CVSS5.5AI score0.00244EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/02/12 2:23 a.m.32 views

CVE-2026-1537 LatePoint – Calendar Booking Plugin for Appointments and Events <= 5.2.6 - Missing Authorization to Booking Details Exposure

The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the loadstep function in all versions up to, and including, 5.2.6. This makes it possible for unauthenticated attackers to vie...

5.3CVSS0.00244EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/02/12 12:0 a.m.11 views

WordPress plugin LatePoint 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

5.3CVSS5.8AI score0.00244EPSS
Exploits0References4
Rows per page
Query Builder