CVE-2026-11866
LatePoint < 5.6.3 - Multiple Privileged Actions via CSRF
CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th
The Appointment Booking Plugin WordPress plugin before 5.6.3 does not validate a CSRF nonce on several state-changing actions handled by its central request dispatcher, allowing attackers to perform privileged actions, such as overwriting the booking-form configuration or disconnecting the connected payment gateway, via Cross-Site Request Forgery against a logged-in administrator.
| Vendor | unknown |
| Product | appointment booking plugin |
| Published | Jul 16, 2026 |
Stay Ahead of the Next One
Get instant alerts for unknown appointment booking plugin
Be the first to know when new unknown vulnerabilities affecting unknown appointment booking plugin are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
Affected Versions
Unknown / Appointment Booking Plugin
0 < 5.6.3
References
Credits
Meher Sudhakar Abbireddi WPScan