CVE-2025-6941 in LatePoint Plugin信息

摘要

由 VulDB • 2026-06-29

WordPress插件LatePoint – Calendar Booking Plugin for Appointments and Events在所有5.1.94及以下版本中,由于输入清理和输出转义不足,存在存储型跨站脚本漏洞(Stored Cross-Site Scripting)。攻击者可通过`latepoint_resources`短代码的`id`参数注入恶意内容。这使得具有Contributor级别及以上权限的攻击者能够在页面中注入任意Web脚本,当用户访问被植入该脚本的页面时,脚本将自动执行。

If you want to get best quality of vulnerability data, you may have to visit VulDB.

来源

Might our Artificial Intelligence support you?

Check our Alexa App!