Support Us — Your donation helps us keep running

Goal: 1000 CNY,Raised: 1000 CNY

100.0%
Donate Now

Latepoint — Vulnerabilities & Security Advisories 20

Browse all 20 CVE security advisories affecting Latepoint. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Top 10 Products Latepoint:LatePoint – Calendar Booking Plugin for Appointments and EventsLatePointLatePoint Plugin
CVE IDTitleCVSSSeverityPaused
CVE-2026-5234 LatePoint <= 5.3.2 - Insecure Direct Object Reference to Unauthenticated Sensitive Financial Data Exposure via Sequential Invoice ID — LatePoint – Calendar Booking Plugin for Appointments and EventsCWE-639 5.3 Medium2026-04-17
CVE-2026-4785 LatePoint <= 5.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode — LatePoint – Calendar Booking Plugin for Appointments and EventsCWE-79 6.4 Medium2026-04-08
CVE-2026-32533 WordPress LatePoint plugin <= 5.2.6 - Insecure Direct Object References (IDOR) vulnerability — LatePointCWE-639 8.2 -2026-03-25
CVE-2026-2324 LatePoint – Calendar Booking Plugin for Appointments and Events <= 5.2.7 - Cross-Site Request Forgery in Booking Form Settings Update to Stored Cross-Site Scripting — LatePoint – Calendar Booking Plugin for Appointments and EventsCWE-352 6.1 Medium2026-03-11
CVE-2026-1487 LatePoint <= 5.2.7 - Authenticated (Administrator+) SQL Injection via JSON Import — LatePoint – Calendar Booking Plugin for Appointments and EventsCWE-89 6.5 Medium2026-03-03
CVE-2026-1566 LatePoint <= 5.2.7 - Authenticated (Agent+) Privilege Escalation — LatePoint – Calendar Booking Plugin for Appointments and EventsCWE-269 8.8 High2026-03-02
CVE-2025-14873 LatePoint – Calendar Booking Plugin for Appointments and Events <= 5.2.5 - Cross-Site Request Forgery — LatePoint – Calendar Booking Plugin for Appointments and EventsCWE-352 4.3 Medium2026-02-14
CVE-2026-1537 LatePoint – Calendar Booking Plugin for Appointments and Events <= 5.2.6 - Missing Authorization to Booking Details Exposure — LatePoint – Calendar Booking Plugin for Appointments and EventsCWE-862 5.3 Medium2026-02-12
CVE-2026-0617 LatePoint – Calendar Booking Plugin for Appointments and Events <= 5.2.5 - Unauthenticated Stored Cross-Site Scripting — LatePoint – Calendar Booking Plugin for Appointments and EventsCWE-79 7.2 High2026-02-03
CVE-2025-7052 LatePoint <= 5.1.94 - Cross-Site Request Forgery to Account Takeover via change_password() Function — LatePoint – Calendar Booking Plugin for Appointments and EventsCWE-352 8.8 High2025-09-30
CVE-2025-7038 LatePoint <= 5.1.94 - Unauthenticated Authentication Bypass via load_step Function — LatePoint – Calendar Booking Plugin for Appointments and EventsCWE-288 8.2 High2025-09-30
CVE-2025-6941 LatePoint <= 5.1.94 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode — LatePoint – Calendar Booking Plugin for Appointments and EventsCWE-79 6.4 Medium2025-09-30
CVE-2025-6815 LatePoint <= 5.1.94 - Authenticated (Administrator+) Stored Cross-Site Scripting — LatePoint – Calendar Booking Plugin for Appointments and EventsCWE-79 5.5 Medium2025-09-30
CVE-2025-3769 Latepoint <= 5.1.92 - Unauthenticated Insecure Direct Object Reference — LatePoint – Calendar Booking Plugin for Appointments and EventsCWE-639 5.3 Medium2025-05-14
CVE-2025-30836 WordPress LatePoint plugin <= 5.1.6 - Cross Site Scripting (XSS) vulnerability — LatePointCWE-79 6.5 Medium2025-03-27
CVE-2024-43945 WordPress LatePoint plugin <= 4.9.91 - Cross Site Request Forgery (CSRF) vulnerability — LatePointCWE-352 6.5 Medium2024-10-21
CVE-2024-8943 LatePoint <= 5.0.12 - Authentication Bypass — LatePoint PluginCWE-288 9.8 Critical2024-10-08
CVE-2024-8911 LatePoint <= 5.0.11 - Unauthenticated Arbitrary User Password Change via SQL Injection — LatePoint PluginCWE-89 9.8 Critical2024-10-08
CVE-2024-43992 WordPress LatePoint plugin <= 4.9.91 - Cross Site Scripting (XSS) vulnerability — LatePointCWE-79 6.5 Medium2024-09-17
CVE-2024-2472 LatePoint Plugin <= 4.9.9 - Missing Authorization and Sensitive Information Exposure via IDOR — LatePoint PluginCWE-639 9.1 Critical2024-06-14

This page lists every published CVE security advisory associated with Latepoint. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.