LatePoint

LatePoint

Developer

5.2.4

Latest version

100,000

Installations

Oct 2, 2025

Last updated

WordPress Plugin

No VDP

Claim ownership

Report vulnerability

Vulnerabilities

Vulnerability history

2 present

10 fixed

5 Mitigation rules

Cross-Site Request Forgery to Account Takeover via change_password() Function vulnerability
<= 5.1.94
Sep 30, 2025
Unauthenticated Authentication Bypass via load_step Function vulnerability
<= 5.1.94
Sep 30, 2025
Authenticated (Administrator+) Stored Cross-Site Scripting vulnerability
<= 5.1.94
Sep 30, 2025
Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability
<= 5.1.94
Sep 30, 2025
Unauthenticated LFI vulnerability
< 5.1.94
Aug 13, 2025
Unauthenticated Insecure Direct Object Reference vulnerability
<= 5.1.92
May 13, 2025
Cross Site Scripting (XSS) vulnerability
<= 5.1.6
Mar 27, 2025
Authentication Bypass vulnerability
<= 5.0.12
Oct 8, 2024
Unauthenticated Arbitrary User Password Change via SQL Injection vulnerability
<= 5.0.11
Oct 8, 2024
Cross Site Scripting (XSS) vulnerability
<= 4.9.91
Aug 29, 2024
Cross Site Request Forgery (CSRF) vulnerability
<= 4.9.91
Aug 26, 2024
Missing Authorization and Sensitive Information Exposure via IDOR vulnerability
<= 4.9.9
Jun 14, 2024