PT-2026-6012 · WordPress · Latepoint – Calendar Booking Plugin For Appointments/Events
Published
2026-02-03
·
Updated
2026-02-03
·
CVE-2026-0617
CVSS v3.1
7.2
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
LatePoint – Calendar Booking Plugin for Appointments and Events versions prior to 5.2.6
Description
The LatePoint – Calendar Booking Plugin for Appointments and Events for WordPress is susceptible to Stored Cross-Site Scripting. This is due to inadequate input sanitization and output escaping in the customer profile fields. An unauthenticated attacker can inject arbitrary web scripts that will execute when an administrator views the customer's activity history.
Recommendations
Update to version 5.2.6 or later.
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Latepoint – Calendar Booking Plugin For Appointments/Events