PT-2026-6012
Name of the Vulnerable Software and Affected Versions: LatePoint – Calendar Booking Plugin for Appointments and Events versions prior to 5.2.6. Description: The LatePoint – Calendar Booking Plugin for Appointments and Events for WordPress is susceptible to Stored Cross-Site Scripting. This is due to...
WordPress plugin LatePoint Cross-Site Scripting Vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
EUVD-2025-31703
Malicious code in bioql PyPI...
EUVD-2025-31705
Malicious code in bioql PyPI...
EUVD-2024-49475
Malicious code in bioql PyPI...
EUVD-2025-24546
Malicious code in bioql PyPI...
EUVD-2024-49500
Malicious code in bioql PyPI...
EUVD-2024-27421
Malicious code in bioql PyPI...
CVE-2025-6941
The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' parameter of the 'latepointresources' shortcode in all versions up to, and including, 5.1.94 due to insufficient input sanitization and output escapin...
CVE-2025-6815
The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘servicename’ parameter in all versions up to, and including, 5.1.94 due to insufficient input sanitization and output escaping. This makes it possible for...
CVE-2025-7038
The LatePoint plugin for WordPress is vulnerable to Authentication Bypass due to insufficient identity verification within the steps__load_step route of the latepoint_route_call AJAX endpoint in all versions up to, and including, 5.1.94. The endpoint reads the client-supplied customer email and relate...
CVE-2025-7052 LatePoint <= 5.1.94 - Cross-Site Request Forgery to Account Takeover via change_password() Function
The LatePoint plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.1.94. This is due to missing nonce validation on the change_password function of its customercabinetchangepassword AJAX route. The plugin hooks this endpoint via wpajax and...
CVE-2025-7038 LatePoint <= 5.1.94 - Unauthenticated Authentication Bypass via load_step Function
The LatePoint plugin for WordPress is vulnerable to Authentication Bypass due to insufficient identity verification within the steps__load_step route of the latepoint_route_call AJAX endpoint in all versions up to, and including, 5.1.94. The endpoint reads the client-supplied customer email and relate...
CVE-2025-7038
The vulnerability CVE-2025-7038 affects LatePoint for WordPress (up to v5.1.94). The issue is an Authentication Bypass in the steps__load_step path of the latepoint_route_call AJAX endpoint, where client-supplied customer email/fields are used before login verification or nonce checks. Unauthenti...
CVE-2025-6941 LatePoint <= 5.1.94 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' parameter of the 'latepointresources' shortcode in all versions up to, and including, 5.1.94 due to insufficient input sanitization and output escapin...
CVE-2025-6815
CVE-2025-6815: LatePoint – Calendar Booking Plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the service[name] parameter in all versions up to 5.1.94. Exploitation requires authenticated administrator access; the flaw arises from insufficient input sanitization and output esc...
CVE-2025-6815 LatePoint <= 5.1.94 - Authenticated (Administrator+) Stored Cross-Site Scripting
The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘servicename’ parameter in all versions up to, and including, 5.1.94 due to insufficient input sanitization and output escaping. This makes it possible for...