
CVSS: 10.0 | EPSS: 0% | CPEs: 1 | EXPL: 0

24 Sep 2024 — The LatePoint plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 5.0.12. This is due to insufficient verification on the user being supplied during the booking customer step. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the user ID. Note that logging in as a WordPress user is only possible if the "Use WordPress users as customers" setting is enabled, which is disabl... • https://wpdocs.latepoint.com/changelog • CWE-288: Authentication Bypass Using an Alternate Path or Channel

CVSS: 10.0 | EPSS: 0% | CPEs: 1 | EXPL: 0

20 Sep 2024 — The LatePoint plugin for WordPress is vulnerable to Arbitrary User Password Change via SQL Injection in versions up to, and including, 5.0.11. This is due to insufficient escaping on the user-supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to change user passwords and potentially take over administrator accounts. Note that changing a WordPress user's password is only possible if the "Use WordPress users as customers" setti... • https://wpdocs.latepoint.com/changelog • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 9.4 | EPSS: 0% | CPEs: 1 | EXPL: 0

13 Jun 2024 — The LatePoint plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on the 'start_or_use_session_for_customer' function in all versions up to and including 4.9.9. This makes it possible for unauthenticated attackers to view other customers' cabinets, including the ability to view PII such as email addresses and to change their LatePoint user password, which may or may not be associated with a WordPress account. • https://aramhairchitects.nl • CWE-639: Authorization Bypass Through User-Controlled Key