Vendor

Wordfence

1 brief RSS

LatePoint WordPress Plugin Vulnerable to Stored XSS (CVE-2026-7448)

The LatePoint WordPress plugin is vulnerable to stored cross-site scripting (XSS) via the 'first_name' parameter, affecting versions up to 5.5.0, allowing unauthenticated attackers to inject malicious scripts.

LatePoint – Calendar Booking Plugin for Appointments and Events <= 5.5.0 wordpress xss cve-2026-7448

2r 1t 1c 2h ago