๐Ÿ” CVE Alert

CVE-2026-11866

UNKNOWN 0.0

LatePoint < 5.6.3 - Multiple Privileged Actions via CSRF

CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th

The Appointment Booking Plugin WordPress plugin before 5.6.3 does not validate a CSRF nonce on several state-changing actions handled by its central request dispatcher, allowing attackers to perform privileged actions, such as overwriting the booking-form configuration or disconnecting the connected payment gateway, via Cross-Site Request Forgery against a logged-in administrator.

Vendor unknown
Product appointment booking plugin
Published Jul 16, 2026
Stay Ahead of the Next One

Get instant alerts for unknown appointment booking plugin

Be the first to know when new unknown vulnerabilities affecting unknown appointment booking plugin are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

Affected Versions

Unknown / Appointment Booking Plugin
0 < 5.6.3

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
wpscan.com: https://wpscan.com/vulnerability/84e936b8-1978-4dc3-aa40-5ce49bfdc445/

Credits

Meher Sudhakar Abbireddi WPScan