CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

143 matches found

Positive Technologies•added 2026/04/27 12:0 a.m.•1 views

PT-2026-35519

The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Privilege Escalation in versions up to and including 5.4.1. This is due to a missing authorization check in the execute method of the connect-customer-to-wp-user ability, which only requires...

8.8CVSS5.2AI score0.00064EPSS

Exploits1References9

EUVD•added 2026/04/17 6:31 a.m.•1 views

EUVD-2026-23356

The LatePoint plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.3.2. The vulnerability exists because the OsStripeConnectController::createpaymentintentfortransaction action is registered as a public action no authentication required an...

5.3CVSS5.8AI score0.00119EPSS

Exploits0References11

NVD•added 2026/04/17 5:16 a.m.•0 views

CVE-2026-5234

5.3CVSS0.00119EPSS

Exploits0References10

CVE•added 2026/04/17 3:36 a.m.•9 views

CVE-2026-5234

The LatePoint WordPress plugin (versions

5.3CVSS5.8AI score0.00119EPSS

Exploits0References10

EUVD•added 2026/04/08 6:31 a.m.•1 views

EUVD-2026-20048

The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'buttoncaption' parameter in the latepointresources shortcode in versions up to and including 5.3.0. This is due to insufficient output escaping when the...

6.4CVSS6.1AI score0.00015EPSS

Exploits0References7

NVD•added 2026/04/08 5:16 a.m.•2 views

CVE-2026-4785

6.4CVSS0.00015EPSS

Exploits0References6

Cvelist•added 2026/04/08 3:36 a.m.•20 views

CVE-2026-4785 LatePoint <= 5.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

6.4CVSS0.00015EPSS

Exploits0References6

Vulnrichment•added 2026/04/08 3:36 a.m.•1 views

CVE-2026-4785 LatePoint <= 5.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

6.4CVSS6.1AI score0.00015EPSS

Exploits0References6

Positive Technologies•added 2026/04/08 12:0 a.m.•1 views

PT-2026-31082

Name of the Vulnerable Software and Affected Versions LatePoint – Calendar Booking Plugin for Appointments and Events versions up to and including 5.3.0 Description The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is susceptible to Stored Cross-Site Scripti...

6.4CVSS5.9AI score0.00015EPSS

Exploits0References10

Patchstack•added 2026/04/07 10:57 p.m.•2 views

WordPress LatePoint plugin <= 5.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode vulnerability discovered by zaim in WordPress Plugin LatePoint versions = 5.3.0...

6.4CVSS5.9AI score0.00015EPSS

Exploits0References1Affected Software1

Vulnrichment•added 2026/03/11 1:22 a.m.•1 views

CVE-2026-2324 LatePoint – Calendar Booking Plugin for Appointments and Events <= 5.2.7 - Cross-Site Request Forgery in Booking Form Settings Update to Stored Cross-Site Scripting

The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.2.7. This is due to missing or incorrect nonce validation on the reloadpreview function. This makes it possible for...

6.1CVSS5.6AI score0.00017EPSS

Exploits0References2

EUVD•added 2026/03/11 1:22 a.m.•0 views

EUVD-2026-11033

6.1CVSS5.6AI score0.00017EPSS

Exploits0References2

CVE•added 2026/03/11 1:22 a.m.•9 views

CVE-2026-2324

CVE-2026-2324 affects the LatePoint – Calendar Booking Plugin for Appointments and Events (WordPress). Up to version 5.2.7 is vulnerable due to missing/incorrect nonce validation in the reload_preview() function, enabling unauthenticated attackers to update settings and inject malicious scripts v...

6.1CVSS5.6AI score0.00017EPSS

Exploits0References2

Cvelist•added 2026/03/11 1:22 a.m.•23 views

CVE-2026-2324 LatePoint – Calendar Booking Plugin for Appointments and Events <= 5.2.7 - Cross-Site Request Forgery in Booking Form Settings Update to Stored Cross-Site Scripting

6.1CVSS0.00017EPSS

Exploits0References2

ATTACKERKB•added 2026/03/11 1:22 a.m.•1 views

CVE-2026-2324

6.1CVSS5.6AI score0.00017EPSS

Exploits0References3

Positive Technologies•added 2026/03/11 12:0 a.m.•1 views

PT-2026-24547

6.1CVSS5.6AI score0.00017EPSS

Exploits0References3

Patchstack•added 2026/03/05 9:57 a.m.•2 views

WordPress LatePoint plugin <= 5.2.7 - Authenticated (Agent+) Privilege Escalation vulnerability

Authenticated Agent+ Privilege Escalation vulnerability discovered by Nguyen Ba Hung bashu - KCSC in WordPress Plugin LatePoint versions = 5.2.7...

8.8CVSS5.9AI score0.00058EPSS

Exploits0References1Affected Software1

RedhatCVE•added 2026/03/04 1:56 a.m.•3 views

CVE-2026-1487

The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to SQL Injection via the JSON Import in all versions up to, and including, 5.2.7 due to insufficient validation on the user-supplied JSON data. This makes it possible for authenticated attackers...

6.5CVSS6.2AI score0.00036EPSS

Exploits0References1

Vulnrichment•added 2026/03/03 1:21 a.m.•1 views

CVE-2026-1487 LatePoint <= 5.2.7 - Authenticated (Administrator+) SQL Injection via JSON Import

6.5CVSS6.2AI score0.00036EPSS

Exploits0References2

Cvelist•added 2026/03/03 1:21 a.m.•22 views

CVE-2026-1487 LatePoint <= 5.2.7 - Authenticated (Administrator+) SQL Injection via JSON Import

6.5CVSS0.00036EPSS

Exploits0References2

Rows per page