WordPress LatePoint – Calendar Booking Plugin for Appointments and Events plugin <= 5.3.2 - Cross-Site Request Forgery vulnerability

Cross-Site Request Forgery vulnerability discovered by Tulgaaaa - Empasoft Institute of Technology in WordPress Plugin LatePoint versions = 5.3.2...

WordPress LatePoint plugin <= 5.3.2 - Insecure Direct Object Reference to Unauthenticated Sensitive Financial Data Exposure via Sequential Invoice ID vulnerability

Insecure Direct Object Reference to Unauthenticated Sensitive Financial Data Exposure via Sequential Invoice ID vulnerability discovered by darkmode in WordPress Plugin LatePoint versions = 5.3.2...

CVE-2026-32533 WordPress LatePoint plugin <= 5.2.6 - Insecure Direct Object References (IDOR) vulnerability

Authorization Bypass Through User-Controlled Key vulnerability in LatePoint LatePoint latepoint allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects LatePoint: from n/a through = 5.2.6...

CVE-2026-32533

CVE-2026-32533 (WordPress LatePoint plugin 5.2.6 are implied), or apply vendor-provided mitigation if available in connected sources. If exploitation details are not documented, note that no exploitation details are provided in the supplied documents.

CVE-2026-32533 WordPress LatePoint plugin <= 5.2.6 - Insecure Direct Object References (IDOR) vulnerability

Authorization Bypass Through User-Controlled Key vulnerability in LatePoint LatePoint latepoint allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects LatePoint: from n/a through = 5.2.6...

WordPress LatePoint plugin <= 5.2.6 - Insecure Direct Object References (IDOR) vulnerability

Insecure Direct Object References IDOR vulnerability discovered by daroo in WordPress Plugin LatePoint versions = 5.2.6...

WordPress LatePoint - Calendar Booking Plugin for Appointments and Events plugin <= 5.2.6 - Missing Authorization to Booking Details Exposure vulnerability

WordPress LatePoint - Calendar Booking Plugin for Appointments and Events plugin = 5.2.6 - Missing Authorization to Booking Details Exposure vulnerability discovered by Chiao-Lin Yu Steven Meow - Trend Micro in WordPress Plugin LatePoint versions = 5.2.6...

CVE-2025-7052

The LatePoint plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.1.94. This is due to missing nonce validation on the changepassword function of its customercabinetchangepassword AJAX route. The plugin hooks this endpoint via wpajax and...

WordPress LatePoint Plugin <= 5.0.11 is vulnerable to SQL Injection

Software LatePoint Type Plugin Vulnerable versions = 5.0.11 Fixed in 5.0.12 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-8911 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID 26726ee6dc78 Credits István Márton Required privilege Unauthenticated...

WordPress LatePoint Plugin <= 5.0.12 is vulnerable to Broken Authentication

Software LatePoint Type Plugin Vulnerable versions = 5.0.12 Fixed in 5.0.13 OWASP Top 10 A7: Identification and Authentication Failures Classification Broken Authentication CVE CVE-2024-8943 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID f9b741b682a7 Credits István Márt...