Battulga

**Name of the Vulnerable Software and Affected Versions** LatePoint versions prior to 5.3.3 **Description** The LatePoint plugin for WordPress is susceptible to Cross-Site Request Forgery (CSRF), a flaw where an attacker tricks a victim into executing unwanted actions. This occurs due to missing nonce verification in the `request cancellation()` function. Unauthenticated attackers can exploit this to cancel bookings for logged-in customers by inducing them to click a malicious link. **Recommendations** Update to a version later than 5.3.2. As a temporary workaround, restrict access to the `request cancellation()` function until the update is applied.