4 matches found
CVE-2026-7457
The LatePoint plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to and including 5.5.0. This is due to insufficient input sanitization on the customer cabinet profile update endpoint — where raw POST parameters firstname, lastname, phone, notes bypass sanitizati...
CVE-2026-7457
The CVE-2026-7457 entry concerns the WordPress LatePoint plugin (versions up to 5.5.0). The root cause is insufficient input sanitization on the customer cabinet profile update endpoint: raw POST fields (first_name, last_name, phone, notes) bypass sanitization because OsCustomerModel does not ove...
CVE-2026-7457
The LatePoint plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to and including 5.5.0. This is due to insufficient input sanitization on the customer cabinet profile update endpoint — where raw POST parameters firstname, lastname, phone, notes bypass sanitizati...
PT-2026-37353
The LatePoint plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to and including 5.5.0. This is due to insufficient input sanitization on the customer cabinet profile update endpoint — where raw POST parameters first name, last name, phone, notes bypass...