LatePoint – Calendar Booking Plugin for Appointments and Events Plugin <= 5.5.0

The LatePoint WordPress plugin is vulnerable to stored XSS via the booking_form_page_url parameter, allowing unauthenticated attackers to inject arbitrary web scripts in pages that execute when a user accesses the injected page.