cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-8943,https://securityvulnerability.io/vulnerability/CVE-2024-8943,Authentication Bypass Vulnerability Affects LatePoint Plugin for WordPress,"The LatePoint plugin for WordPress contains an authentication bypass vulnerability that affects versions up to and including 5.0.12. Due to inadequate verification of the user supplied during the booking customer process, unauthenticated attackers can potentially log in as any existing user on the site, including administrators, if they possess the necessary user ID. The risk is elevated when the 'Use WordPress users as customers' setting is enabled, which is not the default configuration. The issue has been partially remedied in version 5.0.12 and fully addressed in version 5.0.13. Website administrators are strongly recommended to update their LatePoint plugin to the latest version to mitigate the risks associated with this vulnerability.",Wordpress,Latepoint Plugin,9.8,CRITICAL,0.000910000002477318,false,,false,false,false,,false,false,2024-10-08T08:33:18.812Z,0
CVE-2024-8911,https://securityvulnerability.io/vulnerability/CVE-2024-8911,Unauthenticated SQL Injection Vulnerability Affects WordPress Users,"The LatePoint plugin for WordPress features a security vulnerability due to improper handling of user input, leading to an SQL Injection flaw. This vulnerability allows malicious actors to change user passwords without authentication, particularly affecting WordPress users if the 'Use WordPress users as customers' setting is enabled. When this setting is configured, attackers could manipulate the SQL queries, resulting in unauthorized access to user accounts, including potential control over administrator credentials. The risk emphasizes the importance of securing plugin settings and ensuring timely updates to maintain website integrity.",Wordpress,Latepoint Plugin,9.8,CRITICAL,0.000910000002477318,false,,false,false,false,,false,false,2024-10-08T08:33:18.169Z,0
CVE-2024-2472,https://securityvulnerability.io/vulnerability/CVE-2024-2472,Unauthorized Access to Customer Data in LatePoint Plugin,"The LatePoint Plugin for WordPress contains a vulnerability that allows unauthorized access and data modification due to a missing capability check in the 'start_or_use_session_for_customer' function. Versions up to and including 4.9.9 are affected, allowing unauthenticated attackers to access customer information, including personal identifiable information (PII) such as email addresses. Additionally, these attackers can change user passwords within LatePoint, potentially leading to further unauthorized actions on associated WordPress accounts. This poses a serious risk to user privacy and data security.",Wordpress,Latepoint Plugin,9.1,CRITICAL,0.00044999999227002263,false,,false,false,false,,false,false,2024-06-14T09:36:37.719Z,0