PT-2026-8059 · WordPress · Latepoint – Calendar Booking Plugin For Appointments/Events

Moose Love

Publicado

2026-02-14

Atualizado

2026-02-14

CVE-2025-14873

CVSS v3.1

4.3

Média

Vetor

AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions LatePoint – Calendar Booking Plugin for Appointments and Events versions prior to 5.2.6

Description The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is susceptible to Cross-Site Request Forgery. This is caused by the call by route name function, which validates user capabilities but does not enforce nonce verification. This allows unauthenticated attackers to perform administrative actions by tricking a site administrator into performing an action, such as clicking a link.

Recommendations Update LatePoint – Calendar Booking Plugin for Appointments and Events to version 5.2.6 or later.

Correção

CSRF

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-352

Identificadores relacionados

CVE-2025-14873

Produtos afetados

Latepoint – Calendar Booking Plugin For Appointments/Events

PT-2026-8059 · WordPress · Latepoint – Calendar Booking Plugin For Appointments/Events

CVE-2025-14873

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 7