ByteOS Network

CVE Vulnerability Details :

CVE-2026-7652

PUBLISHED

More Info Official Page

Assigner-Wordfence

Assigner Org ID-b15e7b5b-3da4-40ae-a43c-f7aa60e62599

Published At-09 May, 2026 | 02:25

Updated At-09 May, 2026 | 02:25

▼CVE Numbering Authority (CNA)

LatePoint <= 5.5.0 - Unauthenticated Account Takeover via Weak Password Recovery Mechanism

The LatePoint plugin for WordPress is vulnerable to Account Takeover via Weak Password Recovery Mechanism in the unauthenticated guest booking flow in versions up to, and including, 5.5.0 This is due to the save_connected_wordpress_user() function propagating a LatePoint customer's email address to its linked WordPress user account via wp_update_user() without any ownership verification, combined with the guest booking flow's ability to overwrite an existing customer's email through phone-based merge without authentication. This makes it possible for unauthenticated attackers to overwrite the email address of a non-super-admin WordPress user account that is not yet linked to a LatePoint customer, enabling full account takeover by subsequently triggering the standard WordPress password-reset flow to the attacker-controlled address granted the plugin is configured with WordPress user integration enabled, phone-based contact merging, and customer authentication disabled. Administrator accounts on single-site installs are not affected.

Affected Products

Vendor

latepoint

Product

LatePoint – Calendar Booking Plugin for Appointments and Events

Default Status

unaffected

Versions

Affected

From 0 through 5.5.0 (semver)

Problem Types

Type	CWE ID	Description
CWE	CWE-640	CWE-640 Weak Password Recovery Mechanism for Forgotten Password

Type: CWE

CWE ID: CWE-640

Description: CWE-640 Weak Password Recovery Mechanism for Forgotten Password

Metrics

Version	Base score	Base severity	Vector
3.1	5.3	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Version: 3.1

Base score: 5.3

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Credits

finder

Michael Iden

Timeline

Event	Date
Vendor Notified	2026-05-01 18:12:32
Disclosed	2026-05-08 14:16:05

Event: Vendor Notified

Date: 2026-05-01 18:12:32

Event: Disclosed

Date: 2026-05-08 14:16:05

References

Hyperlink	Resource
https://www.wordfence.com/threat-intel/vulnerabilities/id/bdaa32cd-a148-4554-9fd5-f5b0a5b2d1c3?source=cve	N/A
https://plugins.trac.wordpress.org/browser/latepoint/tags/5.4.2/lib/helpers/steps_helper.php#L1940	N/A
https://plugins.trac.wordpress.org/browser/latepoint/tags/5.4.2/lib/helpers/customer_helper.php#L238	N/A
https://plugins.trac.wordpress.org/browser/latepoint/trunk/latepoint.php#L1165	N/A
https://plugins.trac.wordpress.org/browser/latepoint/tags/5.5.0/latepoint.php#L1165	N/A
https://plugins.trac.wordpress.org/browser/latepoint/trunk/lib/helpers/steps_helper.php#L1972	N/A
https://plugins.trac.wordpress.org/browser/latepoint/tags/5.5.0/lib/helpers/steps_helper.php#L1972	N/A
https://plugins.trac.wordpress.org/browser/latepoint/trunk/lib/helpers/steps_helper.php#L1940	N/A
https://plugins.trac.wordpress.org/browser/latepoint/tags/5.5.0/lib/helpers/steps_helper.php#L1940	N/A
https://plugins.trac.wordpress.org/browser/latepoint/trunk/lib/helpers/customer_helper.php#L238	N/A
https://plugins.trac.wordpress.org/browser/latepoint/tags/5.5.0/lib/helpers/customer_helper.php#L238	N/A
https://plugins.trac.wordpress.org/browser/latepoint/tags/5.4.2/latepoint.php#L1165	N/A
https://plugins.trac.wordpress.org/browser/latepoint/tags/5.4.2/lib/helpers/steps_helper.php#L1972	N/A
https://plugins.trac.wordpress.org/changeset/3522933/latepoint/trunk/latepoint.php	N/A
https://plugins.trac.wordpress.org/changeset?old_path=%2Flatepoint/tags/5.5.0&new_path=%2Flatepoint/tags/5.5.1	N/A