Latepoint Latepoint – Calendar Booking Plugin For Appointments And Events
19 CVEs affecting Latepoint Latepoint – Calendar Booking Plugin For Appointments And Events. Latest disclosed: 2026-05-14. Critical: 0, High: 7.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2026-6741 | High | 8.8 | 2026-04-27 | The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Privilege Escalation in versions up to and including… |
CVE-2026-1566 | High | 8.8 | 2026-03-02 | The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to privilege escalation via password reset in all versio… |
CVE-2025-7052 | High | 8.8 | 2025-09-30 | The LatePoint plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.1.94. This is due to missing nonce valid… |
CVE-2025-7038 | High | 8.2 | 2025-09-30 | The LatePoint plugin for WordPress is vulnerable to Authentication Bypass due to insufficient identity verification within the steps__load_step route of the la… |
CVE-2026-7332 | High | 7.2 | 2026-05-06 | The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'booking_form_pag… |
CVE-2026-0617 | High | 7.2 | 2026-02-03 | The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the customer profile… |
CVE-2026-1487 | Medium | 6.5 | 2026-03-03 | The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to SQL Injection via the JSON Import in all versions up… |
CVE-2026-7457 | Medium | 6.4 | 2026-05-06 | The LatePoint plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to and including 5.5.0. This is due to insufficient input sa… |
CVE-2026-4785 | Medium | 6.4 | 2026-04-08 | The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'button_caption'… |
CVE-2025-6941 | Medium | 6.4 | 2025-09-30 | The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' parameter of… |
CVE-2026-2324 | Medium | 6.1 | 2026-03-11 | The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and… |
CVE-2025-6815 | Medium | 5.5 | 2025-09-30 | The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘service[name]’ p… |
CVE-2026-7652 | Medium | 5.3 | 2026-05-09 | The LatePoint plugin for WordPress is vulnerable to Account Takeover via Weak Password Recovery Mechanism in the unauthenticated guest booking flow in versions… |
CVE-2026-5234 | Medium | 5.3 | 2026-04-17 | The LatePoint plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.3.2. The vulnerability exists beca… |
CVE-2026-1537 | Medium | 5.3 | 2026-02-12 | The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to unauthorized access of data due to a missing capabili… |
CVE-2025-3769 | Medium | 5.3 | 2025-05-14 | The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up t… |
CVE-2026-5365 | Medium | 4.3 | 2026-05-14 | The LatePoint plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 5.3.2. This is due to missing nonce verifica… |
CVE-2025-14873 | Medium | 4.3 | 2026-02-14 | The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and… |