Lucene search
+L

314 matches found

CVE
CVE
added 2024/10/08 8:33 a.m.68 views

CVE-2024-8911

The CVE-2024-8911 entry refers to the WordPress LatePoint plugin (≤ 5.0.11) with an SQL Injection flaw that allows unauthenticated arbitrary password changes. The root cause is insufficient escaping of a user-supplied parameter and inadequate preparation of an existing SQL query, enabling passwor...

9.8CVSS9.9AI score0.0288EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2024/10/08 8:33 a.m.41 views

CVE-2024-8911 LatePoint <= 5.0.11 - Unauthenticated Arbitrary User Password Change via SQL Injection

The LatePoint plugin for WordPress is vulnerable to Arbitrary User Password Change via SQL Injection in versions up to, and including, 5.0.11. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible f...

9.8CVSS0.0288EPSS
Exploits0References2
Patchstack
Patchstack
added 2024/10/08 3:1 a.m.8 views

WordPress LatePoint plugin <= 5.0.12 - Authentication Bypass vulnerability

Authentication Bypass vulnerability discovered by István Márton in WordPress Plugin LatePoint versions = 5.0.12...

9.8CVSS7AI score0.03054EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2024/10/08 3:0 a.m.8 views

WordPress LatePoint plugin <= 5.0.11 - Unauthenticated Arbitrary User Password Change via SQL Injection vulnerability

Unauthenticated Arbitrary User Password Change via SQL Injection vulnerability discovered by István Márton in WordPress Plugin LatePoint versions = 5.0.11...

9.8CVSS8.1AI score0.0288EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2024/10/08 12:0 a.m.18 views

WordPress LatePoint Plugin <= 5.0.12 is vulnerable to Broken Authentication

Software LatePoint Type Plugin Vulnerable versions = 5.0.12 Fixed in 5.0.13 OWASP Top 10 A7: Identification and Authentication Failures Classification Broken Authentication CVE CVE-2024-8943 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID f9b741b682a7 Credits István Márt...

9.8CVSS6.8AI score0.03054EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2024/10/08 12:0 a.m.12 views

WordPress plugin LatePoint 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

9.8CVSS6.4AI score0.03054EPSS
Exploits0References3
VulnCheck KEV
VulnCheck KEV
added 2024/10/08 12:0 a.m.4 views

VulnCheck KEV: CVE-2024-8911

The LatePoint plugin for WordPress is vulnerable to Arbitrary User Password Change via SQL Injection in versions up to, and including, 5.0.11. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible...

9.8CVSS5.9AI score0.0288EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2024/10/08 12:0 a.m.4 views

VulnCheck KEV: CVE-2024-8943

The LatePoint plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 5.0.12. This is due to insufficient verification on the user being supplied during the booking customer step. This makes it possible for unauthenticated attackers to log in as any existing...

9.8CVSS5.8AI score0.03054EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/10/08 12:0 a.m.6 views

PT-2024-39328

Name of the Vulnerable Software and Affected Versions: LatePoint plugin for WordPress versions up to, and including, 5.0.12 Description: The issue is related to insufficient verification of the user being supplied during the booking customer step, allowing unauthenticated attackers to log in as a...

9.8CVSS5.4AI score0.03054EPSS
Exploits0References9
Patchstack
Patchstack
added 2024/10/08 12:0 a.m.22 views

WordPress LatePoint Plugin <= 5.0.11 is vulnerable to SQL Injection

Software LatePoint Type Plugin Vulnerable versions = 5.0.11 Fixed in 5.0.12 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-8911 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID 26726ee6dc78 Credits István Márton Required privilege Unauthenticated...

9.8CVSS7.2AI score0.0288EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2024/10/08 12:0 a.m.6 views

WordPress plugin LatePoint SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A SQL injection...

9.8CVSS7.7AI score0.0288EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/10/08 12:0 a.m.10 views

PT-2024-39312

Name of the Vulnerable Software and Affected Versions: LatePoint plugin for WordPress versions up to, and including, 5.0.11 Description: The issue is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query, making it possible for...

9.8CVSS5.5AI score0.0288EPSS
Exploits0References8
Wordfence Blog
Wordfence Blog
added 2024/10/07 8:8 p.m.17 views

7,000 WordPress Sites Affected by Unauthenticated Critical Vulnerabilities in LatePoint WordPress Plugin

🦸 👻 Calling all superheroes and haunters! Introducing theCybersecurity Month Spooktacular Haunt and the WordPress Superhero Challenge for the Wordfence Bug Bounty Program! Through November 11th, 2024: All in-scope vulnerability types for WordPress plugins/themes with = 1,000 active installations...

9.8CVSS10AI score0.03054EPSS
Exploits0
OSV
OSV
added 2024/09/18 12:15 a.m.2 views

CVE-2024-43992

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Latepoint LatePoint allows Stored XSS.This issue affects LatePoint: from n/a through 4.9.91...

5.4CVSS5.8AI score0.0024EPSS
Exploits0References1
NVD
NVD
added 2024/09/18 12:15 a.m.18 views

CVE-2024-43992

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Latepoint LatePoint allows Stored XSS.This issue affects LatePoint: from n/a through 4.9.91...

6.5CVSS0.0024EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/09/17 11:21 p.m.18 views

CVE-2024-43992 WordPress LatePoint plugin <= 4.9.91 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Latepoint LatePoint allows Stored XSS.This issue affects LatePoint: from n/a through 4.9.91...

6.5CVSS6.8AI score0.0024EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/09/17 11:21 p.m.26 views

CVE-2024-43992 WordPress LatePoint plugin <= 4.9.91 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Latepoint LatePoint allows Stored XSS.This issue affects LatePoint: from n/a through 4.9.91...

6.5CVSS0.0024EPSS
Exploits0References1
CVE
CVE
added 2024/09/17 11:21 p.m.69 views

CVE-2024-43992

CVE-2024-43992 is a Stored Cross-Site Scripting vulnerability in the LatePoint WordPress plugin (LatePoint) affecting versions up to 4.9.91. The Red Hat/NVD/Wordfence and related sources describe it as an unauthenticated/authenticated XSS vulnerability in LatePoint; the Wordfence entry explicitly...

6.5CVSS6.2AI score0.0024EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2024/09/17 12:0 a.m.7 views

WordPress plugin LatePoint 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

6.5CVSS6AI score0.0024EPSS
Exploits0References3
WPVulnDB
WPVulnDB
added 2024/09/05 12:0 a.m.23 views

LatePoint <= 4.9.91 - Authenticated (Subscriber+) Stored Cross-Site Scripting

Description The LatePoint plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 4.9.91 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject...

6.5CVSS5.9AI score0.0024EPSS
Exploits0References1
Rows per page
Query Builder