Vulnerabilidades en Latepoint

28 resultados

CVE-2024-8943CRITICALLatePoint <= 5.0.12 - Authentication BypassEPSS 3.0%CVE-2024-8911CRITICALLatePoint <= 5.0.11 - Unauthenticated Arbitrary User Password Change via SQL InjectionEPSS 2.8%CVE-2026-7652MEDIUMLatePoint <= 5.5.0 - Unauthenticated Account Takeover via Weak Password Recovery MechanismEPSS 0.7%CVE-2026-5234MEDIUMLatePoint <= 5.3.2 - Insecure Direct Object Reference to Unauthenticated Sensitive Financial Data Exposure via Sequential Invoice IDEPSS 0.7%CVE-2024-2472CRITICALLatePoint Plugin <= 4.9.9 - Missing Authorization and Sensitive Information Exposure via IDOREPSS 0.6%CVE-2026-7332HIGHLatePoint <= 5.5.0 - Unauthenticated Stored Cross-Site Scripting via 'booking_form_page_url' ParameterEPSS 0.4%CVE-2025-7038HIGHLatePoint <= 5.1.94 - Unauthenticated Authentication Bypass via load_step FunctionEPSS 0.4%CVE-2026-0617HIGHLatePoint – Calendar Booking Plugin for Appointments and Events <= 5.2.5 - Unauthenticated Stored Cross-Site ScriptingEPSS 0.4%CVE-2026-4785MEDIUMLatePoint <= 5.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via ShortcodeEPSS 0.4%CVE-2026-8176HIGHLatePoint <= 5.5.1 - Authenticated (Agent+) Privilege Escalation to Administrator via IDOR in OsOrdersController::create_or_update + Unauthenticated Customer-Cabinet Password ResetEPSS 0.3%CVE-2026-7457MEDIUMLatePoint <= 5.5.0 - Authenticated (Subscriber+) Stored Cross-Site Scripting via Customer Cabinet Profile UpdateEPSS 0.3%CVE-2026-1487MEDIUMLatePoint <= 5.2.7 - Authenticated (Administrator+) SQL Injection via JSON ImportEPSS 0.3%CVE-2025-30836MEDIUMWordPress LatePoint plugin <= 5.1.6 - Cross Site Scripting (XSS) vulnerabilityEPSS 0.3%CVE-2026-1566HIGHLatePoint <= 5.2.7 - Authenticated (Agent+) Privilege EscalationEPSS 0.3%CVE-2026-6741HIGHLatePoint <= 5.4.1 - Authenticated (Agent+) Privilege Escalation to Administrator via 'connect-customer-to-wp-user' AbilityEPSS 0.3%CVE-2026-49083HIGHWordPress LatePoint plugin <= 5.5.1 - Privilege Escalation vulnerabilityEPSS 0.3%CVE-2025-3769MEDIUMLatepoint <= 5.1.92 - Unauthenticated Insecure Direct Object ReferenceEPSS 0.3%CVE-2024-43945MEDIUMWordPress LatePoint plugin <= 4.9.91 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.2%CVE-2026-1537MEDIUMLatePoint – Calendar Booking Plugin for Appointments and Events <= 5.2.6 - Missing Authorization to Booking Details ExposureEPSS 0.2%CVE-2024-43992MEDIUMWordPress LatePoint plugin <= 4.9.91 - Cross Site Scripting (XSS) vulnerabilityEPSS 0.2%

← anteriorpágina 1 / 2siguiente →