{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-7052", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2025-07-03T19:21:30.973Z", "datePublished": "2025-09-30T04:27:07.926Z", "dateUpdated": "2026-04-08T17:28:31.817Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:28:31.817Z"}, "affected": [{"vendor": "latepoint", "product": "LatePoint \u2013 Calendar Booking Plugin for Appointments and Events", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "5.1.94", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The LatePoint plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.1.94. This is due to missing nonce validation on the change_password() function of its customer_cabinet__change_password AJAX route. The plugin hooks this endpoint via wp_ajax and wp_ajax_nopriv but does not verify a nonce or user capability before resetting the user\u2019s password. This makes it possible for unauthenticated attackers who trick a logged-in customer (or, with \u201cWP users as customers\u201d enabled, an administrator) into visiting a malicious link to take over their account."}], "title": "LatePoint <= 5.1.94 - Cross-Site Request Forgery to Account Takeover via change_password() Function", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/df8a8ce0-7258-40ae-bf73-f8c6185fdd16?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/latepoint/tags/5.1.93/lib/controllers/customer_cabinet_controller.php#L403"}, {"url": "https://wordpress.org/plugins/latepoint/#developers"}, {"url": "https://plugins.trac.wordpress.org/browser/latepoint/tags/5.1.93/latepoint.php"}, {"url": "https://plugins.trac.wordpress.org/changeset/3366851/latepoint/tags/5.2.0/lib/controllers/customer_cabinet_controller.php"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-352 Cross-Site Request Forgery (CSRF)", "cweId": "CWE-352", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "baseScore": 8.8, "baseSeverity": "HIGH"}}], "credits": [{"lang": "en", "type": "finder", "value": "wesley"}], "timeline": [{"time": "2025-07-08T16:23:03.000Z", "lang": "en", "value": "Vendor Notified"}, {"time": "2025-09-29T16:24:40.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-09-30T15:40:40.413047Z", "id": "CVE-2025-7052", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-09-30T15:40:47.928Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-7052", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-09-30T15:40:40.413047Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-09-30T15:40:44.705Z"}}], "cna": {"title": "LatePoint <= 5.1.94 - Cross-Site Request Forgery to Account Takeover via change_password() Function", "credits": [{"lang": "en", "type": "finder", "value": "wesley"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}}], "affected": [{"vendor": "latepoint", "product": "LatePoint \u2013 Calendar Booking Plugin for Appointments and Events", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "5.1.94"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2025-07-08T16:23:03.000Z", "value": "Vendor Notified"}, {"lang": "en", "time": "2025-09-29T16:24:40.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/df8a8ce0-7258-40ae-bf73-f8c6185fdd16?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/latepoint/tags/5.1.93/lib/controllers/customer_cabinet_controller.php#L403"}, {"url": "https://wordpress.org/plugins/latepoint/#developers"}, {"url": "https://plugins.trac.wordpress.org/browser/latepoint/tags/5.1.93/latepoint.php"}, {"url": "https://plugins.trac.wordpress.org/changeset/3366851/latepoint/tags/5.2.0/lib/controllers/customer_cabinet_controller.php"}], "descriptions": [{"lang": "en", "value": "The LatePoint plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.1.94. This is due to missing nonce validation on the change_password() function of its customer_cabinet__change_password AJAX route. The plugin hooks this endpoint via wp_ajax and wp_ajax_nopriv but does not verify a nonce or user capability before resetting the user\u2019s password. This makes it possible for unauthenticated attackers who trick a logged-in customer (or, with \u201cWP users as customers\u201d enabled, an administrator) into visiting a malicious link to take over their account."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-352", "description": "CWE-352 Cross-Site Request Forgery (CSRF)"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:28:31.817Z"}}}, "cveMetadata": {"cveId": "CVE-2025-7052", "state": "PUBLISHED", "dateUpdated": "2026-04-08T17:28:31.817Z", "dateReserved": "2025-07-03T19:21:30.973Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2025-09-30T04:27:07.926Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The LatePoint plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.1.94. This is due to missing nonce validation on the change_password() function of its customer_cabinet__change_password AJAX route. The plugin hooks this endpoint via wp_ajax and wp_ajax_nopriv but does not verify a nonce or user capability before resetting the user\u2019s password. This makes it possible for unauthenticated attackers who trick a logged-in customer (or, with \u201cWP users as customers\u201d enabled, an administrator) into visiting a malicious link to take over their account."}, {"lang": "es", "value": "El plugin LatePoint para WordPress es vulnerable a la falsificaci\u00f3n de petici\u00f3n en sitios cruzados en todas las versiones hasta la 5.1.94, inclusive. Esto se debe a la falta de validaci\u00f3n de nonce en la funci\u00f3n change_password() de su ruta AJAX customer_cabinet__change_password. El plugin engancha este endpoint a trav\u00e9s de wp_ajax y wp_ajax_nopriv, pero no verifica un nonce o la capacidad del usuario antes de restablecer la contrase\u00f1a del usuario. Esto hace posible que atacantes no autenticados que enga\u00f1an a un cliente con sesi\u00f3n iniciada (o, con 'WP users as customers' habilitado, a un administrador) para que visiten un enlace malicioso tomen el control de su cuenta."}], "id": "CVE-2025-7052", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2025-09-30T11:37:43.183", "references": [{"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/latepoint/tags/5.1.93/latepoint.php"}, {"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/latepoint/tags/5.1.93/lib/controllers/customer_cabinet_controller.php#L403"}, {"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/changeset/3366851/latepoint/tags/5.2.0/lib/controllers/customer_cabinet_controller.php"}, {"source": "security@wordfence.com", "url": "https://wordpress.org/plugins/latepoint/#developers"}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/df8a8ce0-7258-40ae-bf73-f8c6185fdd16?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-352"}], "source": "security@wordfence.com", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-20T19:24:39.982418+00:00", "value": {"mitigation_remediation": ["Update the LatePoint plugin to the latest version (\u22655.2.0) which implements nonce validation for the change_password() route.", "Remove or disable the 'WP users as customers' setting if it is not required, to limit the attack surface for administrators.", "Configure server\u2011side rules or use a security plugin to require a valid CSRF token or nonce for the change_password AJAX route, preventing unauthenticated requests from being processed."], "summary": {"action": "Apply Patch", "impact": "Account Takeover via CSRF"}, "threat_synthesis": {"affected_systems": "Affected versions of the LatePoint plugin up to and including 5.1.94. The plugin is a WordPress add\u2011on used for booking appointments and events. All users installing these versions are exposed, including customers and site administrators when the 'WP users as customers' setting is enabled.", "description_and_impact": "The LatePoint calendar booking plugin for WordPress contains a flaw that allows attackers to change a logged\u2011in user's password without authentication. The change_password() AJAX route lacks nonce verification and capability checks, enabling a CSRF attack that can lead to account takeover. The vulnerability conforms to CWE\u2011352.", "risk_and_exploitability": "The CVSS score of 8.8 marks this as a high\u2011severity flaw. The EPSS score of less than 1% suggests the likelihood of exploitation in the near term is low, and the vulnerability is not currently listed in the CISA KEV catalog. However, because the attack can be triggered by a simple forged request and does not require advanced skills, the potential impact remains significant. An attacker who can lure a logged\u2011in user to a crafted URL can immediately reset the password and take over the account."}}}}, "created": "2025-09-30T08:47:23.301534+00:00", "updated": "2026-04-20T19:30:06.167189+00:00", "vendors": ["latepoint", "latepoint$PRODUCT$latepoint", "wordpress", "wordpress$PRODUCT$wordpress"]}