Product
An improper input validation vulnerability (CVE-2026-5356) in the LatePoint - Calendar Booking Plugin for Appointments and Events for WordPress, versions up to and including 5.4.0, allows unauthenticated attackers to exploit its Stripe Connect payment processor by supplying a previously succeeded PaymentIntent ID, resulting in the processing of arbitrary payments.