LatePoint – Calendar Booking Plugin for Appointments and Events — Vulnerabilities & Security Advisories (13)

All 13 CVE vulnerabilities found in LatePoint – Calendar Booking Plugin for Appointments and Events, with AI-generated Chinese analysis, references, and POCs.

Vendor: latepoint

| CVE ID | Title | CWE | CVSS | Severity | Published |
| --- | --- | --- | --- | --- | --- |
| CVE-2026-5234 | LatePoint <= 5.3.2 - Insecure Direct Object Reference to Unauthenticated Sensitive Financial Data Exposure via Sequential Invoice ID | CWE-639 | 5.3 | Medium | 2026-04-17 |
| CVE-2026-4785 | LatePoint <= 5.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | CWE-79 | 6.4 | Medium | 2026-04-08 |
| CVE-2026-2324 | LatePoint – Calendar Booking Plugin for Appointments and Events <= 5.2.7 - Cross-Site Request Forgery in Booking Form Settings Update to Stored Cross-Site Scripting | CWE-352 | 6.1 | Medium | 2026-03-11 |
| CVE-2026-1487 | LatePoint <= 5.2.7 - Authenticated (Administrator+) SQL Injection via JSON Import | CWE-89 | 6.5 | Medium | 2026-03-03 |
| CVE-2026-1566 | LatePoint <= 5.2.7 - Authenticated (Agent+) Privilege Escalation | CWE-269 | 8.8 | High | 2026-03-02 |
| CVE-2025-14873 | LatePoint – Calendar Booking Plugin for Appointments and Events <= 5.2.5 - Cross-Site Request Forgery | CWE-352 | 4.3 | Medium | 2026-02-14 |
| CVE-2026-1537 | LatePoint – Calendar Booking Plugin for Appointments and Events <= 5.2.6 - Missing Authorization to Booking Details Exposure | CWE-862 | 5.3 | Medium | 2026-02-12 |
| CVE-2026-0617 | LatePoint – Calendar Booking Plugin for Appointments and Events <= 5.2.5 - Unauthenticated Stored Cross-Site Scripting | CWE-79 | 7.2 | High | 2026-02-03 |
| CVE-2025-7038 | LatePoint <= 5.1.94 - Unauthenticated Authentication Bypass via load_step Function | CWE-288 | 8.2 | High | 2025-09-30 |
| CVE-2025-7052 | LatePoint <= 5.1.94 - Cross-Site Request Forgery to Account Takeover via change_password() Function | CWE-352 | 8.8 | High | 2025-09-30 |
| CVE-2025-6941 | LatePoint <= 5.1.94 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | CWE-79 | 6.4 | Medium | 2025-09-30 |
| CVE-2025-6815 | LatePoint <= 5.1.94 - Authenticated (Administrator+) Stored Cross-Site Scripting | CWE-79 | 5.5 | Medium | 2025-09-30 |
| CVE-2025-3769 | Latepoint <= 5.1.92 - Unauthenticated Insecure Direct Object Reference | CWE-639 | 5.3 | Medium | 2025-05-14 |