| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-5234 | LatePoint <= 5.3.2 - Insecure Direct Object Reference to Unauthenticated Sensitive Financial Data Exposure via Sequential Invoice ID | latepoint | LatePoint – Calendar Booking Plugin for Appointments and Events | Medium | 5.3 | 2026-04-17 03:36:45 | Deep Dive |
| CVE-2026-4785 | LatePoint <= 5.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | latepoint | LatePoint – Calendar Booking Plugin for Appointments and Events | Medium | 6.4 | 2026-04-08 03:36:09 | Deep Dive |
| CVE-2026-32533 | WordPress LatePoint plugin <= 5.2.6 - Insecure Direct Object References (IDOR) vulnerability | LatePoint | LatePoint | 中危 | - | 2026-03-25 16:15:10 | Deep Dive |
| CVE-2026-2324 | LatePoint – Calendar Booking Plugin for Appointments and Events <= 5.2.7 - Cross-Site Request Forgery in Booking Form Settings Update to Stored Cross-Site Scripting | latepoint | LatePoint – Calendar Booking Plugin for Appointments and Events | Medium | 6.1 | 2026-03-11 01:22:04 | Deep Dive |
| CVE-2026-1487 | LatePoint <= 5.2.7 - Authenticated (Administrator+) SQL Injection via JSON Import | latepoint | LatePoint – Calendar Booking Plugin for Appointments and Events | Medium | 6.5 | 2026-03-03 01:21:51 | Deep Dive |
| CVE-2026-1566 | LatePoint <= 5.2.7 - Authenticated (Agent+) Privilege Escalation | latepoint | LatePoint – Calendar Booking Plugin for Appointments and Events | High | 8.8 | 2026-03-02 23:22:56 | Deep Dive |
| CVE-2025-14873 | LatePoint – Calendar Booking Plugin for Appointments and Events <= 5.2.5 - Cross-Site Request Forgery | latepoint | LatePoint – Calendar Booking Plugin for Appointments and Events | Medium | 4.3 | 2026-02-14 06:42:27 | Deep Dive |
| CVE-2026-1537 | LatePoint – Calendar Booking Plugin for Appointments and Events <= 5.2.6 - Missing Authorization to Booking Details Exposure | latepoint | LatePoint – Calendar Booking Plugin for Appointments and Events | Medium | 5.3 | 2026-02-12 02:23:25 | Deep Dive |
| CVE-2026-0617 | LatePoint – Calendar Booking Plugin for Appointments and Events <= 5.2.5 - Unauthenticated Stored Cross-Site Scripting | latepoint | LatePoint – Calendar Booking Plugin for Appointments and Events | High | 7.2 | 2026-02-03 06:38:02 | Deep Dive |
| CVE-2025-7052 | LatePoint <= 5.1.94 - Cross-Site Request Forgery to Account Takeover via change_password() Function | latepoint | LatePoint – Calendar Booking Plugin for Appointments and Events | High | 8.8 | 2025-09-30 04:27:08 | Deep Dive |
| CVE-2025-7038 | LatePoint <= 5.1.94 - Unauthenticated Authentication Bypass via load_step Function | latepoint | LatePoint – Calendar Booking Plugin for Appointments and Events | High | 8.2 | 2025-09-30 04:27:08 | Deep Dive |
| CVE-2025-6941 | LatePoint <= 5.1.94 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | latepoint | LatePoint – Calendar Booking Plugin for Appointments and Events | Medium | 6.4 | 2025-09-30 04:27:07 | Deep Dive |
| CVE-2025-6815 | LatePoint <= 5.1.94 - Authenticated (Administrator+) Stored Cross-Site Scripting | latepoint | LatePoint – Calendar Booking Plugin for Appointments and Events | Medium | 5.5 | 2025-09-30 04:27:06 | Deep Dive |
| CVE-2025-6715 | Latepoint < 5.1.94 - Unauthenticated LFI | Unknown | LatePoint | - | - | 2025-08-13 06:00:03 | Deep Dive |
| CVE-2025-3769 | Latepoint <= 5.1.92 - Unauthenticated Insecure Direct Object Reference | latepoint | LatePoint – Calendar Booking Plugin for Appointments and Events | Medium | 5.3 | 2025-05-14 11:12:26 | Deep Dive |
| CVE-2025-30836 | WordPress LatePoint plugin <= 5.1.6 - Cross Site Scripting (XSS) vulnerability | LatePoint | LatePoint | Medium | 6.5 | 2025-03-27 10:55:22 | Deep Dive |
| CVE-2024-43945 | WordPress LatePoint plugin <= 4.9.91 - Cross Site Request Forgery (CSRF) vulnerability | Latepoint | LatePoint | Medium | 6.5 | 2024-10-21 11:05:13 | Deep Dive |
| CVE-2024-8943 | LatePoint <= 5.0.12 - Authentication Bypass | latepoint | LatePoint Plugin | Critical | 9.8 | 2024-10-08 08:33:19 | Deep Dive |
| CVE-2024-8911 | LatePoint <= 5.0.11 - Unauthenticated Arbitrary User Password Change via SQL Injection | latepoint | LatePoint Plugin | Critical | 9.8 | 2024-10-08 08:33:18 | Deep Dive |
| CVE-2024-43992 | WordPress LatePoint plugin <= 4.9.91 - Cross Site Scripting (XSS) vulnerability | Latepoint | LatePoint | Medium | 6.5 | 2024-09-17 23:21:31 | Deep Dive |