LatePoint – Calendar Booking Plugin for Appointments and Events — Vulnerabilities & Security Advisories (18)

All 18 CVE vulnerabilities found in LatePoint – Calendar Booking Plugin for Appointments and Events, with AI-generated Chinese analysis, references, and POCs.

LatePoint is a calendar booking plugin for appointments and events developed by a third-party vendor, and this page catalogs its associated security weaknesses. The vulnerability aggregation page collects all known security issues reported for this specific software product, covering data from its initial release through the most recent advisory updates. By browsing this section, users can track the vendor’s security advisories as they are published, gain a deeper understanding of specific weakness classes such as cross-site scripting or SQL injection that may affect this tool, and review the complete vulnerability history associated with the product over time. This resource is designed to provide developers, security auditors, and website administrators with a centralized view of the security landscape surrounding LatePoint. It does not offer mitigation strategies or patches directly but serves as an informational hub to help stakeholders assess risk and plan maintenance cycles. Understanding the pattern and severity of past vulnerabilities can aid in prioritizing updates and strengthening the overall security posture of websites relying on this booking solution. The data presented here is sourced from public security databases and official vendor notifications, ensuring that the information reflects verified reports rather than speculative flaws. This approach allows for a transparent and comprehensive overview of the product’s security track record.

Vendor: latepoint

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2026-5365 | LatePoint <= 5.3.2 - Cross-Site Request Forgery via 'customer_cabinet__request_cancellation' AJAX Route | CWE-352 | 4.3 | Medium | 2026-05-14 |
| CVE-2026-7652 | LatePoint <= 5.5.0 - Unauthenticated Account Takeover via Weak Password Recovery Mechanism | CWE-640 | 5.3 | Medium | 2026-05-09 |
| CVE-2026-7332 | LatePoint <= 5.5.0 - Unauthenticated Stored Cross-Site Scripting via 'booking_form_page_url' Parameter | CWE-79 | 7.2 | High | 2026-05-06 |
| CVE-2026-7457 | LatePoint <= 5.5.0 - Authenticated (Subscriber+) Stored Cross-Site Scripting via Customer Cabinet Profile Update | CWE-79 | 6.4 | Medium | 2026-05-06 |
| CVE-2026-6741 | LatePoint <= 5.4.1 - Authenticated (Agent+) Privilege Escalation to Administrator via 'connect-customer-to-wp-user' Ability | CWE-269 | 8.8 | High | 2026-04-27 |
| CVE-2026-5234 | LatePoint <= 5.3.2 - Insecure Direct Object Reference to Unauthenticated Sensitive Financial Data Exposure via Sequential Invoice ID | CWE-639 | 5.3 | Medium | 2026-04-17 |
| CVE-2026-4785 | LatePoint <= 5.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | CWE-79 | 6.4 | Medium | 2026-04-08 |
| CVE-2026-2324 | LatePoint – Calendar Booking Plugin for Appointments and Events <= 5.2.7 - Cross-Site Request Forgery in Booking Form Settings Update to Stored Cross-Site Scripting | CWE-352 | 6.1 | Medium | 2026-03-11 |
| CVE-2026-1487 | LatePoint <= 5.2.7 - Authenticated (Administrator+) SQL Injection via JSON Import | CWE-89 | 6.5 | Medium | 2026-03-03 |
| CVE-2026-1566 | LatePoint <= 5.2.7 - Authenticated (Agent+) Privilege Escalation | CWE-269 | 8.8 | High | 2026-03-02 |
| CVE-2025-14873 | LatePoint – Calendar Booking Plugin for Appointments and Events <= 5.2.5 - Cross-Site Request Forgery | CWE-352 | 4.3 | Medium | 2026-02-14 |
| CVE-2026-1537 | LatePoint – Calendar Booking Plugin for Appointments and Events <= 5.2.6 - Missing Authorization to Booking Details Exposure | CWE-862 | 5.3 | Medium | 2026-02-12 |
| CVE-2026-0617 | LatePoint – Calendar Booking Plugin for Appointments and Events <= 5.2.5 - Unauthenticated Stored Cross-Site Scripting | CWE-79 | 7.2 | High | 2026-02-03 |
| CVE-2025-7052 | LatePoint <= 5.1.94 - Cross-Site Request Forgery to Account Takeover via change_password() Function | CWE-352 | 8.8 | High | 2025-09-30 |
| CVE-2025-7038 | LatePoint <= 5.1.94 - Unauthenticated Authentication Bypass via load_step Function | CWE-288 | 8.2 | High | 2025-09-30 |
| CVE-2025-6941 | LatePoint <= 5.1.94 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | CWE-79 | 6.4 | Medium | 2025-09-30 |
| CVE-2025-6815 | LatePoint <= 5.1.94 - Authenticated (Administrator+) Stored Cross-Site Scripting | CWE-79 | 5.5 | Medium | 2025-09-30 |
| CVE-2025-3769 | Latepoint <= 5.1.92 - Unauthenticated Insecure Direct Object Reference | CWE-639 | 5.3 | Medium | 2025-05-14 |
