Description
The LatePoint plugin for WordPress is vulnerable to Authentication Bypass due to insufficient identity verification within the steps__load_step route of the latepoint_route_call AJAX endpoint in all versions up to, and including, 5.1.94. The endpoint reads the client-supplied customer email and related customer fields before invoking the internal login handler without verifying login status, capability checks, or a valid AJAX nonce. This makes it possible for unauthenticated attackers to log into any customer’s account.
CVSS breakdown
CVSS 3.1
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
Low
Availability
None
Affected products
References
- MISChttps://www.wordfence.com/threat-intel/vulnerabilities/id/d7389e17-a357-481a-8716-3a93cb6afa7c?source=cve
- MISChttps://wordpress.org/plugins/latepoint/#developers
- MISChttps://plugins.trac.wordpress.org/browser/latepoint/tags/5.1.93/latepoint.php
- MISChttps://plugins.trac.wordpress.org/browser/latepoint/tags/5.1.93/lib/controllers/steps_controller.php
- MISChttps://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3366851%40latepoint&new=3366851%40latepoint&sfp_email=&sfph_mail=