WordPress LatePoint plugin <= 5.1.94 - Unauthenticated Authentication Bypass via load_step Function vulnerability

Unauthenticated Authentication Bypass via loadstep Function vulnerability discovered by wesley wcraft in WordPress Plugin LatePoint versions = 5.1.94...

WordPress LatePoint plugin <= 5.1.94 - Authenticated (Administrator+) Stored Cross-Site Scripting vulnerability

Authenticated Administrator+ Stored Cross-Site Scripting vulnerability discovered by WordFence in WordPress Plugin LatePoint versions = 5.1.94...

WordPress plugin LatePoint 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site scripting...

PT-2025-39956

Name of the Vulnerable Software and Affected Versions LatePoint plugin for WordPress versions through 5.1.94 Description The LatePoint plugin for WordPress has a flaw that allows bypassing authentication. This is due to inadequate identity verification within the steps load step route of the...

PT-2025-39957

Name of the Vulnerable Software and Affected Versions LatePoint plugin for WordPress versions through 5.1.94 Description The software is susceptible to Cross-Site Request Forgery due to the absence of nonce validation. This occurs on the change password function within the customer cabinet change...

PT-2025-39954

Name of the Vulnerable Software and Affected Versions LatePoint – Calendar Booking Plugin for Appointments and Events versions through 5.1.94 Description The LatePoint – Calendar Booking Plugin for Appointments and Events for WordPress is susceptible to Stored Cross-Site Scripting. The issue stem...

WordPress plugin LatePoint 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site...

CVE-2025-6715

The LatePoint WordPress plugin before 5.1.94 is vulnerable to Local File Inclusion via the layout parameter. This makes it possible for attackers to include and execute PHP files on the server, allowing the execution of any PHP code in those files...

WordPress Latepoint plugin < 5.1.94 - Unauthenticated LFI vulnerability

Unauthenticated LFI vulnerability discovered by wesley wcraft in WordPress Plugin LatePoint versions 5.1.94...

CVE-2025-6715

The LatePoint WordPress plugin before 5.1.94 is vulnerable to Local File Inclusion via the layout parameter. This makes it possible for attackers to include and execute PHP files on the server, allowing the execution of any PHP code in those files...

CVE-2025-6715 Latepoint < 5.1.94 - Unauthenticated LFI

The LatePoint WordPress plugin before 5.1.94 is vulnerable to Local File Inclusion via the layout parameter. This makes it possible for attackers to include and execute PHP files on the server, allowing the execution of any PHP code in those files...

PT-2025-32966 · WordPress · Latepoint Wordpress Plugin

Name of the Vulnerable Software and Affected Versions: LatePoint WordPress plugin versions prior to 5.1.94 Description: The LatePoint WordPress plugin is susceptible to a Local File Inclusion issue via the layout parameter. This allows attackers to include and execute PHP files on the server,...

WordPress plugin LatePoint 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

VulnCheck KEV: CVE-2025-6715

The LatePoint WordPress plugin before 5.1.94 is vulnerable to Local File Inclusion via the layout parameter. This makes it possible for attackers to include and execute PHP files on the server, allowing the execution of any PHP code in those files...

CVE-2025-3769

The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.1.92 via the 'viewbookingsummaryinlightbox' due to missing validation on a user controlled key. This makes it possible...

CVE-2025-3769 Latepoint <= 5.1.92 - Unauthenticated Insecure Direct Object Reference

The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.1.92 via the 'viewbookingsummaryinlightbox' due to missing validation on a user controlled key. This makes it possible...

CVE-2025-3769

CVE-2025-3769 – LatePoint (WordPress) Unauthenticated IDOR Affected software: LatePoint – Calendar Booking Plugin for Appointments and Events (WordPress). Root cause: Insecure Direct Object Reference due to missing validation on a user-controlled key in the view_booking_summary_in_lightbox endpoi...

CVE-2025-3769 Latepoint <= 5.1.92 - Unauthenticated Insecure Direct Object Reference

The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.1.92 via the 'viewbookingsummaryinlightbox' due to missing validation on a user controlled key. This makes it possible...

PT-2025-21146 · WordPress · Latepoint – Calendar Booking Plugin For Appointments/Events

Name of the Vulnerable Software and Affected Versions: LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress versions up to, and including, 5.1.92 Description: The issue allows unauthenticated attackers to retrieve appointment details, such as customer names and ema...

WordPress Latepoint plugin <= 5.1.92 - Unauthenticated Insecure Direct Object Reference vulnerability

Unauthenticated Insecure Direct Object Reference vulnerability discovered by Martin Martin in WordPress Plugin LatePoint versions = 5.1.92...