CVE-2025-7052 - Vulnerability Details

The LatePoint plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.1.94. This is due to missing nonce validation on the change_password() function of its customer_cabinet__change_password AJAX route. The plugin hooks this endpoint via wp_ajax and wp_ajax_nopriv but does not verify a nonce or user capability before resetting the user’s password. This makes it possible for unauthenticated attackers who trick a logged-in customer (or, with “WP users as customers” enabled, an administrator) into visiting a malicious link to take over their account.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

No data.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://plugins.trac.wordpress.org/browser/latepoint/tags/5.1.93/latepoint.php
https://plugins.trac.wordpress.org/browser/latepoint/tags/5.1.93/lib/controllers/customer_cabinet_controller.php#L403
https://plugins.trac.wordpress.org/changeset/3366851/latepoint/tags/5.2.0/lib/controllers/customer_cabinet_controller.php
https://wordpress.org/plugins/latepoint/#developers
https://www.wordfence.com/threat-intel/vulnerabilities/id/df8a8ce0-7258-40ae-bf73-f8c6185fdd16?source=cve

History

Tue, 30 Sep 2025 04:45:00 +0000

Type	Values Removed	Values Added
Description		The LatePoint plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.1.94. This is due to missing nonce validation on the change_password() function of its customer_cabinet__change_password AJAX route. The plugin hooks this endpoint via wp_ajax and wp_ajax_nopriv but does not verify a nonce or user capability before resetting the user’s password. This makes it possible for unauthenticated attackers who trick a logged-in customer (or, with “WP users as customers” enabled, an administrator) into visiting a malicious link to take over their account.
Title		LatePoint <= 5.1.94 - Cross-Site Request Forgery to Account Takeover via change_password() Function
Weaknesses		CWE-352
References		https://plugins.trac.wordpress.org/browser/latepoint/tags/5.1.93/latepoint.php https://plugins.trac.wordpress.org/browser/latepoint/tags/5.1.93/lib/controllers/customer_cabinet_controller.php#L403 https://plugins.trac.wordpress.org/changeset/3366851/latepoint/tags/5.2.0/lib/controllers/customer_cabinet_controller.php https://wordpress.org/plugins/latepoint/#developers https://www.wordfence.com/threat-intel/vulnerabilities/id/df8a8ce0-7258-40ae-bf73-f8c6185fdd16?source=cve
Metrics		cvssV3_1 `{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}`

MITRE

Status: PUBLISHED

Assigner: Wordfence

Published: 2025-09-30T04:27:07.926Z

Updated: 2025-09-30T04:27:07.926Z

Reserved: 2025-07-03T19:21:30.973Z

Link: CVE-2025-7052

Vulnrichment

No data.

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

No data.

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object

JSON object