Lucene search
K

9 matches found

Cvelist
Cvelist
added 5 days ago33 views

CVE-2026-13228 LatePoint <= 5.6.3 - Authenticated (Custom+) Privilege Escalation to Administrator via 'order[customer_id]' Parameter

The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Privilege Escalation to Administrator in versions up to, and including, 5.6.3 This is due to an Insecure Direct Object Reference IDOR in the createorupdate function of OsOrdersController, whi...

8.8CVSS0.00309EPSS
Exploits0References7
EUVD
EUVD
added 5 days ago6 views

EUVD-2026-40943

The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Privilege Escalation to Administrator in versions up to, and including, 5.6.3 This is due to an Insecure Direct Object Reference IDOR in the createorupdate function of OsOrdersController, whi...

8.8CVSS5.9AI score0.00309EPSS
Exploits0References7
CVE
CVE
added 6 days ago19 views

CVE-2026-12073

CVE-2026-12073 affects the ProfileGrid – User Profiles, Groups and Communities plugin for WordPress (versions ≤ 5.9.9.5). The root cause is the plugin not validating a user_login on some registration forms and mishandling errors, enabling unauthenticated attackers to overwrite the email of the ad...

9.8CVSS5.8AI score0.0031EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/23 12:0 a.m.10 views

PT-2026-51619

Name of the Vulnerable Software and Affected Versions Snipe-IT versions prior to 8.6.0 Description Improper access control in the CSV user import functionality allows a user with only the import permission to bypass user-edit authorization. By uploading a CSV file in update mode, an attacker can...

6.5CVSS5.9AI score0.00037EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/09 2:25 a.m.13 views

EUVD-2026-28881

The LatePoint plugin for WordPress is vulnerable to Account Takeover via Weak Password Recovery Mechanism in the unauthenticated guest booking flow in versions up to, and including, 5.5.0 This is due to the saveconnectedwordpressuser function propagating a LatePoint customer's email address to it...

5.3CVSS5.8AI score0.00719EPSS
Exploits0References15
ATTACKERKB
ATTACKERKB
added 2026/05/09 2:25 a.m.7 views

CVE-2026-7652

The LatePoint plugin for WordPress is vulnerable to Account Takeover via Weak Password Recovery Mechanism in the unauthenticated guest booking flow in versions up to, and including, 5.5.0 This is due to the saveconnectedwordpressuser function propagating a LatePoint customer's email address to it...

5.3CVSS5.8AI score0.00719EPSS
Exploits0References16
Cvelist
Cvelist
added 2026/05/09 2:25 a.m.58 views

CVE-2026-7652 LatePoint <= 5.5.0 - Unauthenticated Account Takeover via Weak Password Recovery Mechanism

The LatePoint plugin for WordPress is vulnerable to Account Takeover via Weak Password Recovery Mechanism in the unauthenticated guest booking flow in versions up to, and including, 5.5.0 This is due to the saveconnectedwordpressuser function propagating a LatePoint customer's email address to it...

5.3CVSS0.00719EPSS
Exploits0References15
CNNVD
CNNVD
added 2026/05/09 12:0 a.m.10 views

WordPress plugin LatePoint 授权问题漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

5.3CVSS5.8AI score0.00719EPSS
Exploits0References1
CNVD
CNVD
added 2020/11/02 12:0 a.m.2 views

Multiple Apple Products Arbitrary Email Override Vulnerability

Apple iOS, etc. are all products of the American Apple Apple Company. An arbitrary email overwrite vulnerability exists in Apple iOS before 13.6, iPadOS before 13.6, watchOS before 6.2.8, and macOS Catalina before 10.15.6. An attacker can exploit this vulnerability by leveraging a malicious mail...

9.1CVSS6.5AI score0.01837EPSS
Exploits0References1
Rows per page
Query Builder