PT-2026-8059 · WordPress · Latepoint – Calendar Booking Plugin For Appointments/Events
Moose Love
·
Published
2026-02-14
·
Updated
2026-02-14
·
CVE-2025-14873
CVSS v3.1
4.3
Medium
| Vector | AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
LatePoint – Calendar Booking Plugin for Appointments and Events versions prior to 5.2.6
Description
The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is susceptible to Cross-Site Request Forgery. This is caused by the
call by route name function, which validates user capabilities but does not enforce nonce verification. This allows unauthenticated attackers to perform administrative actions by tricking a site administrator into performing an action, such as clicking a link.Recommendations
Update LatePoint – Calendar Booking Plugin for Appointments and Events to version 5.2.6 or later.
Fix
CSRF
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Latepoint – Calendar Booking Plugin For Appointments/Events