{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-07T23:54:45.547","vulnerabilities":[{"cve":{"id":"CVE-2024-8911","sourceIdentifier":"security@wordfence.com","published":"2024-10-08T09:15:19.077","lastModified":"2025-02-20T15:30:18.643","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"The LatePoint plugin for WordPress is vulnerable to Arbitrary User Password Change via SQL Injection in versions up to, and including, 5.0.11. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to change user passwords and potentially take over administrator accounts. Note that changing a WordPress user's password is only possible if the \"Use WordPress users as customers\" setting is enabled, which is disabled by default. Without this setting enabled, only the passwords of plugin customers, which are stored and managed in a separate database table, can be modified."},{"lang":"es","value":"El complemento LatePoint para WordPress es vulnerable al cambio arbitrario de contraseñas de usuarios mediante inyección SQL en versiones hasta la 5.0.11 incluida. Esto se debe a un escape insuficiente en el parámetro suministrado por el usuario y a la falta de preparación suficiente en la consulta SQL existente. Esto hace posible que atacantes no autenticados cambien las contraseñas de los usuarios y potencialmente se apropien de las cuentas de administrador. Tenga en cuenta que cambiar la contraseña de un usuario de WordPress solo es posible si está habilitada la configuración \"Usar usuarios de WordPress como clientes\", que está deshabilitada de forma predeterminada. Sin esta configuración habilitada, solo se pueden modificar las contraseñas de los clientes del complemento, que se almacenan y administran en una tabla de base de datos separada."}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:latepoint:latepoint:*:*:*:*:*:wordpress:*:*","versionEndExcluding":"5.0.12","matchCriteriaId":"243AB190-F020-4345-9D31-3480C00B1A2D"}]}]}],"references":[{"url":"https://wpdocs.latepoint.com/changelog/","source":"security@wordfence.com","tags":["Release Notes"]},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/5c9a23a3-5eb5-4f5b-bf32-c9d163426f29?source=cve","source":"security@wordfence.com","tags":["Third Party Advisory"]}]}}]}