CVE-2026-9719 – LatePoint

CVE ID :CVE-2026-9719

Published : June 6, 2026, 12:16 a.m. | 16 minutes ago

Description :The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.6.0. This is due to missing or incorrect nonce validation on the change_status function. This makes it possible for unauthenticated attackers to change the status of arbitrary invoices — including marking unpaid invoices as paid — without administrator consent via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

Severity: 4.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more… 

نوشته های مشابه

CVE-2026-9281 – Master Addons For Elementor

CVE-2026-9008 – Page-list

CVE-2026-8901 – Integration for Freshsales

CVE-2026-8438 – All-In-One Security (AIOS)