Описание
The LatePoint plugin for WordPress is vulnerable to Authentication Bypass due to insufficient identity verification within the steps__load_step route of the latepoint_route_call AJAX endpoint in all versions up to, and including, 5.1.94. The endpoint reads the client-supplied customer email and related customer fields before invoking the internal login handler without verifying login status, capability checks, or a valid AJAX nonce. This makes it possible for unauthenticated attackers to log into any customer’s account.
The LatePoint plugin for WordPress is vulnerable to Authentication Bypass due to insufficient identity verification within the steps__load_step route of the latepoint_route_call AJAX endpoint in all versions up to, and including, 5.1.94. The endpoint reads the client-supplied customer email and related customer fields before invoking the internal login handler without verifying login status, capability checks, or a valid AJAX nonce. This makes it possible for unauthenticated attackers to log into any customer’s account.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2025-7038
- https://plugins.trac.wordpress.org/browser/latepoint/tags/5.1.93/latepoint.php
- https://plugins.trac.wordpress.org/browser/latepoint/tags/5.1.93/lib/controllers/steps_controller.php
- https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3366851%40latepoint&new=3366851%40latepoint&sfp_email=&sfph_mail=
- https://wordpress.org/plugins/latepoint/#developers
- https://www.wordfence.com/threat-intel/vulnerabilities/id/d7389e17-a357-481a-8716-3a93cb6afa7c?source=cve
Связанные уязвимости
The LatePoint plugin for WordPress is vulnerable to Authentication Bypass due to insufficient identity verification within the steps__load_step route of the latepoint_route_call AJAX endpoint in all versions up to, and including, 5.1.94. The endpoint reads the client-supplied customer email and related customer fields before invoking the internal login handler without verifying login status, capability checks, or a valid AJAX nonce. This makes it possible for unauthenticated attackers to log into any customer’s account.