Lucene search
K

312 matches found

Nuclei
Nuclei
added yesterday7 views

LatePoint <= 5.0.12 - Authentication Bypass

LatePoint plugin for WordPress versions up to 5.0.12 contains an authentication bypass caused by insufficient verification of user during booking, letting unauthenticated attackers log in as any existing user if they have user ID access, exploit requires access to user ID, and the 'Use WordPress...

9.8CVSS6AI score0.03054EPSS
Exploits0References3
Nuclei
Nuclei
added yesterday8 views

LatePoint <= 5.0.11 - SQL Injection

The LatePoint plugin for WordPress is vulnerable to Arbitrary User Password Change via SQL Injection in versions up to, and including, 5.0.11. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible f...

9.8CVSS6.1AI score0.0288EPSS
Exploits0References3
NVD
NVD
added 3 days ago3 views

CVE-2026-57714

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in LatePoint LatePoint latepoint allows Blind SQL Injection.This issue affects LatePoint: from n/a through = 5.6.3...

9.3CVSS0.00291EPSS
Exploits0References1
Cvelist
Cvelist
added 3 days ago28 views

CVE-2026-57714 WordPress LatePoint plugin <= 5.6.3 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in LatePoint LatePoint latepoint allows Blind SQL Injection.This issue affects LatePoint: from n/a through = 5.6.3...

9.3CVSS0.00291EPSS
Exploits0References1
CVE
CVE
added 3 days ago9 views

CVE-2026-57714

CVE-2026-57714 is a SQL injection vulnerability in the WordPress LatePoint plugin (versions up to and including 5.6.3). The issue arises from improper neutralization of SQL elements, enabling Blind SQL Injection. The affected component is the LatePoint plugin for WordPress; no vendor/version deta...

9.3CVSS6.1AI score0.00291EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/07/08 3:14 p.m.5 views

WordPress LatePoint plugin <= 5.6.3 - SQL Injection vulnerability

SQL Injection vulnerability discovered by daroo in WordPress Plugin LatePoint versions = 5.6.3...

9.3CVSS6.1AI score0.00291EPSS
Exploits0Affected Software1
NVD
NVD
added 2026/07/08 1:16 p.m.9 views

CVE-2026-5356

The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Improper Input Validation in all versions up to, and including, 5.4.0. This is due to the plugin's Stripe Connect payment processor accepting a client-supplied PaymentIntent ID. This makes it...

7.5CVSS0.0021EPSS
Exploits0References2
EUVD
EUVD
added 2026/07/08 12:33 p.m.6 views

EUVD-2026-42227

The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Improper Input Validation in all versions up to, and including, 5.4.0. This is due to the plugin's Stripe Connect payment processor accepting a client-supplied PaymentIntent ID. This makes it...

7.5CVSS6AI score0.0021EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/07/08 12:33 p.m.5 views

CVE-2026-5356

The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Improper Input Validation in all versions up to, and including, 5.4.0. This is due to the plugin's Stripe Connect payment processor accepting a client-supplied PaymentIntent ID. This makes it...

7.5CVSS6AI score0.0021EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/07/08 12:33 p.m.35 views

CVE-2026-5356 LatePoint - Calendar Booking Plugin for Appointments and Events <= 5.4.0 - Unauthenticated Stripe PaymentIntent Amount-Binding Bypass

The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Improper Input Validation in all versions up to, and including, 5.4.0. This is due to the plugin's Stripe Connect payment processor accepting a client-supplied PaymentIntent ID. This makes it...

7.5CVSS0.0021EPSS
Exploits0References2
CVE
CVE
added 2026/07/08 12:33 p.m.15 views

CVE-2026-5356

The CVE-2026-5356 entry concerns the LatePoint – Calendar Booking Plugin for Appointments and Events for WordPress, affected up to version 5.4.0. The root cause is improper input validation in the Stripe Connect payment processor, which accepts a client-supplied PaymentIntent ID. This misstep can...

7.5CVSS6AI score0.0021EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/07/08 12:0 a.m.6 views

PT-2026-56400

Name of the Vulnerable Software and Affected Versions LatePoint – Calendar Booking Plugin for Appointments and Events versions prior to 5.4.1 Description Improper input validation in the Stripe Connect payment processor allows unauthenticated attackers to pay an arbitrary amount. This occurs...

7.5CVSS6.2AI score0.0021EPSS
Exploits0References5
NVD
NVD
added 2026/07/03 9:16 a.m.9 views

CVE-2026-11398

The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 5.6.1. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for...

5.3CVSS0.00338EPSS
Exploits0References10
Cvelist
Cvelist
added 2026/07/03 7:53 a.m.40 views

CVE-2026-11398 LatePoint <= 5.6.1 - Missing Authorization to Unauthenticated Arbitrary Customer Data Modification via process_step_customer() Booking Form Customer Step

The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 5.6.1. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for...

5.3CVSS0.00338EPSS
Exploits0References10
EUVD
EUVD
added 2026/07/03 7:53 a.m.9 views

EUVD-2026-41524

The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 5.6.1. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for...

5.3CVSS6AI score0.00338EPSS
Exploits0References10
CVE
CVE
added 2026/07/03 7:53 a.m.18 views

CVE-2026-11398

The CVE concerns LatePoint for WordPress, affecting all versions up to 5.6.1. It allows unauthenticated users to bypass authorization and modify PII (first name, last name, phone, notes) of any customer record by submitting a booking form with a known email when guest bookings are enabled (is_cus...

5.3CVSS6AI score0.00338EPSS
Exploits0References10
ATTACKERKB
ATTACKERKB
added 2026/07/03 7:53 a.m.9 views

CVE-2026-11398

The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 5.6.1. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for...

5.3CVSS6AI score0.00338EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2026/07/03 12:0 a.m.15 views

PT-2026-55512

Name of the Vulnerable Software and Affected Versions LatePoint – Calendar Booking Plugin for Appointments and Events versions prior to 5.6.2 Description An authorization bypass exists because the plugin fails to properly verify if a user is authorized to perform specific actions. Unauthenticated...

5.3CVSS6.2AI score0.00338EPSS
Exploits0References14
Patchstack
Patchstack
added 2026/07/02 7:22 p.m.6 views

WordPress LatePoint – Calendar Booking Plugin for Appointments and Events plugin <= 5.6.1 - Missing Authorization to Unauthenticated Arbitrary Customer Data Modification vulnerability

Missing Authorization to Unauthenticated Arbitrary Customer Data Modification vulnerability discovered by hhhai in WordPress Plugin LatePoint versions = 5.6.1...

5.3CVSS5.9AI score0.00338EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/07/02 10:16 a.m.7 views

CVE-2026-12657

The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.6.2 via the 'serviceid' parameter due to missing validation on a user controlled key. This makes it possible for...

5.3CVSS0.00381EPSS
Exploits0References12
Rows per page
Query Builder