CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

6 matches found

Cvelist•added 2026/05/09 2:25 a.m.•33 views

CVE-2026-7652 LatePoint <= 5.5.0 - Unauthenticated Account Takeover via Weak Password Recovery Mechanism

The LatePoint plugin for WordPress is vulnerable to Account Takeover via Weak Password Recovery Mechanism in the unauthenticated guest booking flow in versions up to, and including, 5.5.0 This is due to the saveconnectedwordpressuser function propagating a LatePoint customer's email address to it...

5.3CVSS0.001EPSS

Exploits0References15

EUVD•added 2026/05/09 2:25 a.m.•7 views

EUVD-2026-28881

5.3CVSS5.8AI score0.001EPSS

Exploits0References15

ATTACKERKB•added 2026/05/09 2:25 a.m.•4 views

CVE-2026-7652

5.3CVSS5.8AI score0.001EPSS

Exploits0References16

Vulnrichment•added 2026/05/09 2:25 a.m.•4 views

CVE-2026-7652 LatePoint <= 5.5.0 - Unauthenticated Account Takeover via Weak Password Recovery Mechanism

5.3CVSS5.8AI score0.001EPSS

Exploits0References15

CVE•added 2026/05/09 2:25 a.m.•14 views

CVE-2026-7652

The LatePoint WordPress plugin (up to version 5.5.0) is vulnerable to Account Takeover via a Weak Password Recovery Mechanism in the unauthenticated guest booking flow. The root cause is save_connected_wordpress_user() propagating a LatePoint customer’s email to its linked WordPress user via wp_u...

5.3CVSS5.8AI score0.001EPSS

Exploits0References15

Positive Technologies•added 2026/05/02 12:0 a.m.•3 views

PT-2026-36611

The Salon Booking System – Free Version plugin for WordPress is vulnerable to Arbitrary File Read in versions up to, and including, 10.30.25. This is due to the public booking flow accepting attacker-controlled file-field values and later using those stored values as trusted paths for email...

7.5CVSS5.9AI score0.00143EPSS

Exploits0References3

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by