Primary

Context

LatePoint Calendar Booking Plugin for WordPress Cross-Site Request Forgery Vulnerability

Vulnerability

Patched

A Cross-Site Request Forgery (CSRF) vulnerability has been identified in the LatePoint Calendar Booking Plugin for Appointments and Events, affecting all versions through 5.2.7. The issue arises from inadequate nonce validation in the reload_preview() function, allowing unauthenticated attackers to manipulate settings and inject malicious scripts by tricking a site administrator into clicking a link.

Impact

Exploitation of this vulnerability could lead to unauthorized changes in plugin settings and the injection of malicious scripts that could be executed in the context of the user.

Remediation

Users are advised to update the LatePoint Calendar Booking Plugin for Appointments and Events to version 5.2.8 or later.

Added: Mar 11, 2026, 2:18 AM

Updated: Mar 11, 2026, 2:18 AM

Vulnerability Rating

Custom Algorithm

spread

5.2

impact

5.4

exploitability

7.0

remediation

7.7

relevance

3.8

threat

3.2

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

5.2

impact

5.4

exploitability

7.0

remediation

7.7

relevance

3.8

threat

3.2

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

LatePoint Calendar Booking Plugin for WordPress Cross-Site Request Forgery Vulnerability

Vulnerability

Impact

Remediation

Affected Products

LatePoint

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating