WordPress Plugin Vulnerabilities

LatePoint < 5.4.2 - Agent+ Privilege Escalation

Description

The plugin is vulnerable to Privilege Escalation due to a missing authorization check in the execute() method of the connect-customer-to-wp-user ability, which only requires the customer__edit capability granted to the latepoint_agent role by default, without verifying whether the target WordPress user ID belongs to a privileged account. This makes it possible for authenticated attackers with the latepoint_agent role to link any LatePoint customer record to an administrator's WordPress account and subsequently reset the administrator's password via the normal customer password-reset flow, resulting in full site takeover.

Affects Plugins

Plugin icon
latepoint
Fixed in 5.4.2

References

CVE
CVE-2026-6741
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/71e99412-031e-4f4a-9126-dd3a37975246

Classification

Type
PRIVESC
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-269
CVSS
7.2 (high)

Miscellaneous

Original Researcher
skyv3il, Chirita Catalin-Andrei (CC99IE), AmonRa
Verified
No
WPVDB ID
d9ea8ae6-0cac-47ed-a441-149b13c6152b

Timeline

Publicly Published
2026-04-27 (about 16 days ago)
Added
2026-04-27 (about 16 days ago)
Last Updated
2026-04-27 (about 16 days ago)

Other

Published
Title
Published
2025-11-10
Title
Mementor Core <= 2.2.5 - Authenticated (Subscriber+) Privilege Escalation
Published
2021-07-26
Title
Advanced Shipment Tracking for WooCommerce < 3.2.7 - Authenticated Options Change
Published
2019-08-07
Title
Login Or Logout Menu Item < 1.2.0 - Unauthenticated Options Change
Published
2023-03-06
Title
Multiple e-plugins - Subscriber+ Privilege Escalation
Published
2020-03-08
Title
WP Security Audit Log < 4.0.2 - Broken Access Control in First-Time Install Wizard