PT-2026-56400 · Latepoint · Latepoint – Calendar Booking Plugin For Appointments/Events

Andrés Cruciani

·

Publicado

2026-07-08

·

Atualizado

2026-07-08

·

CVE-2026-5356

CVSS v3.1

7.5

Alta

VetorAV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Improper Input Validation in all versions up to, and including, 5.4.0. This is due to the plugin's Stripe Connect payment processor accepting a client-supplied PaymentIntent ID. This makes it possible for unauthenticated attackers to pay an arbitrary amount by supplying a previously succeeded PaymentIntent token.

Correção

Missing Authorization

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

Enumeração de Fraquezas

Identificadores relacionados

CVE-2026-5356

Produtos afetados

Latepoint – Calendar Booking Plugin For Appointments/Events