PT-2026-24547 · WordPress · Latepoint – Calendar Booking Plugin For Appointments/Events

Lukasz Sobanski

Publicado

2026-03-11

Atualizado

2026-03-11

CVE-2026-2324

CVSS v3.1

6.1

Média

Vetor

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions LatePoint – Calendar Booking Plugin for Appointments and Events versions through 5.2.7

Description The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is susceptible to Cross-Site Request Forgery. This is caused by insufficient or incorrect nonce validation within the reload preview() function. An unauthenticated attacker could potentially update settings and inject malicious web scripts by forging a request, provided they can mislead a site administrator into performing an action.

Recommendations Update LatePoint – Calendar Booking Plugin for Appointments and Events to a version later than 5.2.7.

Correção

CSRF

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-352

Identificadores relacionados

CVE-2026-2324

Produtos afetados

Latepoint – Calendar Booking Plugin For Appointments/Events

PT-2026-24547 · WordPress · Latepoint – Calendar Booking Plugin For Appointments/Events

CVE-2026-2324

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 6