Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
6.5
LatePoint WordPress Plugin Allows Attackers to Access Your Database
CVE-2026-1487
Summary
A security flaw in the LatePoint plugin for WordPress allows an attacker with administrative access to potentially access sensitive information, delete data, or modify your database. This is due to a failure to properly check user-submitted data. Update the plugin to a newer, fixed version to protect your site.
Original title
The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to SQL Injection via the JSON Import in all versions up to, and including, 5.2.7 due to insuff...
Original description
The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to SQL Injection via the JSON Import in all versions up to, and including, 5.2.7 due to insufficient validation on the user-supplied JSON data. This makes it possible for authenticated attackers, with Administrator-level access and above, to execute arbitrary SQL queries on the database that can be used to extract information via time-based techniques, drop tables, or modify data.
nvd CVSS3.1
6.5
Vulnerability type
CWE-89
SQL Injection
Published: 3 Mar 2026 · Updated: 13 Mar 2026 · First seen: 6 Mar 2026