Lucene search
+L

8 matches found

nvd
nvd
added 2026/07/03 9:16 a.m.9 views

CVE-2026-11398

The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 5.6.1. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for...

5.3CVSS0.00338EPSS
Exploits0References10
cvelist
cvelist
added 2026/07/03 7:53 a.m.40 views

CVE-2026-11398 LatePoint <= 5.6.1 - Missing Authorization to Unauthenticated Arbitrary Customer Data Modification via process_step_customer() Booking Form Customer Step

The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 5.6.1. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for...

5.3CVSS0.00338EPSS
Exploits0References10
euvd
euvd
added 2026/07/03 7:53 a.m.9 views

EUVD-2026-41524

The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 5.6.1. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for...

5.3CVSS6AI score0.00338EPSS
Exploits0References10
cve
cve
added 2026/07/03 7:53 a.m.18 views

CVE-2026-11398

The CVE concerns LatePoint for WordPress, affecting all versions up to 5.6.1. It allows unauthenticated users to bypass authorization and modify PII (first name, last name, phone, notes) of any customer record by submitting a booking form with a known email when guest bookings are enabled (is_cus...

5.3CVSS6AI score0.00338EPSS
Exploits0References10
attackerkb
attackerkb
added 2026/07/03 7:53 a.m.9 views

CVE-2026-11398

The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 5.6.1. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for...

5.3CVSS6AI score0.00338EPSS
Exploits0References11
ptsecurity
ptsecurity
added 2026/07/03 12:0 a.m.15 views

PT-2026-55512

Name of the Vulnerable Software and Affected Versions LatePoint – Calendar Booking Plugin for Appointments and Events versions prior to 5.6.2 Description An authorization bypass exists because the plugin fails to properly verify if a user is authorized to perform specific actions. Unauthenticated...

5.3CVSS6.2AI score0.00338EPSS
Exploits0References14
redhatcve
redhatcve
added 2026/05/12 8:20 a.m.9 views

CVE-2026-7652

The LatePoint plugin for WordPress is vulnerable to Account Takeover via Weak Password Recovery Mechanism in the unauthenticated guest booking flow in versions up to, and including, 5.5.0 This is due to the saveconnectedwordpressuser function propagating a LatePoint customer's email address to it...

5.3CVSS5.8AI score0.00719EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2026/05/09 12:0 a.m.12 views

PT-2026-39316

Name of the Vulnerable Software and Affected Versions LatePoint versions prior to 5.5.1 Description A weak password recovery mechanism in the unauthenticated guest booking flow allows for account takeover. The save connected wordpress user function uses wp update user to propagate a customer's...

5.3CVSS5.8AI score0.00719EPSS
Exploits0References20
Rows per page
Query Builder