2 matches found
CVE-2024-2472
The LatePoint Plugin plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on the 'startorusesessionforcustomer' function in all versions up to and including 4.9.9. This makes it possible for unauthenticated attackers to view...
WordPress LatePoint Plugin <= 4.9.9 is vulnerable to Broken Access Control
Software LatePoint Type Plugin Vulnerable versions = 4.9.9 Fixed in 4.9.9.1 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-2472 Patch priority Low CVSS severity Low 8.6 Developer Claim ownership PSID c507e34d06b9 Credits Gharib Sharifi - WaveSec Joel Avia...