314 matches found
CVE-2024-8911
The CVE-2024-8911 entry refers to the WordPress LatePoint plugin (≤ 5.0.11) with an SQL Injection flaw that allows unauthenticated arbitrary password changes. The root cause is insufficient escaping of a user-supplied parameter and inadequate preparation of an existing SQL query, enabling passwor...
CVE-2024-8911 LatePoint <= 5.0.11 - Unauthenticated Arbitrary User Password Change via SQL Injection
The LatePoint plugin for WordPress is vulnerable to Arbitrary User Password Change via SQL Injection in versions up to, and including, 5.0.11. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible f...
WordPress LatePoint plugin <= 5.0.12 - Authentication Bypass vulnerability
Authentication Bypass vulnerability discovered by István Márton in WordPress Plugin LatePoint versions = 5.0.12...
WordPress LatePoint plugin <= 5.0.11 - Unauthenticated Arbitrary User Password Change via SQL Injection vulnerability
Unauthenticated Arbitrary User Password Change via SQL Injection vulnerability discovered by István Márton in WordPress Plugin LatePoint versions = 5.0.11...
WordPress LatePoint Plugin <= 5.0.12 is vulnerable to Broken Authentication
Software LatePoint Type Plugin Vulnerable versions = 5.0.12 Fixed in 5.0.13 OWASP Top 10 A7: Identification and Authentication Failures Classification Broken Authentication CVE CVE-2024-8943 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID f9b741b682a7 Credits István Márt...
WordPress plugin LatePoint 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...
VulnCheck KEV: CVE-2024-8911
The LatePoint plugin for WordPress is vulnerable to Arbitrary User Password Change via SQL Injection in versions up to, and including, 5.0.11. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible...
VulnCheck KEV: CVE-2024-8943
The LatePoint plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 5.0.12. This is due to insufficient verification on the user being supplied during the booking customer step. This makes it possible for unauthenticated attackers to log in as any existing...
PT-2024-39328
Name of the Vulnerable Software and Affected Versions: LatePoint plugin for WordPress versions up to, and including, 5.0.12 Description: The issue is related to insufficient verification of the user being supplied during the booking customer step, allowing unauthenticated attackers to log in as a...
WordPress LatePoint Plugin <= 5.0.11 is vulnerable to SQL Injection
Software LatePoint Type Plugin Vulnerable versions = 5.0.11 Fixed in 5.0.12 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-8911 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID 26726ee6dc78 Credits István Márton Required privilege Unauthenticated...
WordPress plugin LatePoint SQL注入漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A SQL injection...
PT-2024-39312
Name of the Vulnerable Software and Affected Versions: LatePoint plugin for WordPress versions up to, and including, 5.0.11 Description: The issue is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query, making it possible for...
7,000 WordPress Sites Affected by Unauthenticated Critical Vulnerabilities in LatePoint WordPress Plugin
🦸 👻 Calling all superheroes and haunters! Introducing theCybersecurity Month Spooktacular Haunt and the WordPress Superhero Challenge for the Wordfence Bug Bounty Program! Through November 11th, 2024: All in-scope vulnerability types for WordPress plugins/themes with = 1,000 active installations...
CVE-2024-43992
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Latepoint LatePoint allows Stored XSS.This issue affects LatePoint: from n/a through 4.9.91...
CVE-2024-43992
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Latepoint LatePoint allows Stored XSS.This issue affects LatePoint: from n/a through 4.9.91...
CVE-2024-43992 WordPress LatePoint plugin <= 4.9.91 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Latepoint LatePoint allows Stored XSS.This issue affects LatePoint: from n/a through 4.9.91...
CVE-2024-43992 WordPress LatePoint plugin <= 4.9.91 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Latepoint LatePoint allows Stored XSS.This issue affects LatePoint: from n/a through 4.9.91...
CVE-2024-43992
CVE-2024-43992 is a Stored Cross-Site Scripting vulnerability in the LatePoint WordPress plugin (LatePoint) affecting versions up to 4.9.91. The Red Hat/NVD/Wordfence and related sources describe it as an unauthenticated/authenticated XSS vulnerability in LatePoint; the Wordfence entry explicitly...
WordPress plugin LatePoint 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...
LatePoint <= 4.9.91 - Authenticated (Subscriber+) Stored Cross-Site Scripting
Description The LatePoint plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 4.9.91 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject...