WordPress Plugin Vulnerabilities
LatePoint < 5.0.12 - Unauthenticated Arbitrary User Password Change via SQL Injection
Description
The LatePoint plugin for WordPress is vulnerable to Arbitrary User Password Change via SQL Injection in versions up to, and including, 5.0.11. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to change user passwords and potentially take over administrator accounts. Note that changing a WordPress user's password is only possible if the "Use WordPress users as customers" setting is enabled, which is disabled by default. Without this setting enabled, only the passwords of plugin customers, which are stored and managed in a separate database table, can be modified.
Affects Plugins
Fixed in 5.0.12 References
Classification
Type
SQLI
OWASP top 10
CWE
CVSS
Miscellaneous
Original Researcher
István Márton
Verified
No
WPVDB ID
Timeline
Publicly Published
2024-09-20 (about 1 year ago)
Added
2024-10-07 (about 1 year ago)
Last Updated
2024-10-08 (about 1 year ago)
WPScan 