CVE-2024-8943
LatePoint <= 5.0.12 - Authentication BypassThe LatePoint plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 5.0.12. This is due to insufficient verification on the user being supplied during the booking customer step. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the user id. Note that logging in as a WordPress user is only possible if the "Use WordPress users as customers" setting is enabled, which is disabled by default. The vulnerability is partially patched in version 5.0.12 and fully patched in version 5.0.13.
We have discovered 683 live websites that are affected by CVE-2024-8943.
Affected Software
| Product | |
| Category | Wordpress Plugins |
| Vulnerable Domains | 683 live websites (100% of LatePoint install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 0 versions ( less than 0.1% of all versions) |
Common Weakness Enumeration
CWE-288 Authentication Bypass Using an Alternate Path or ChannelDetails
- Published - Oct 8, 2024
- Updated - Oct 8, 2024
Credits
- István Márton (finder)
CVE References
CWE References
CWE
Website Distribution by Country
Number of websites using CVE-2024-8943 United States | 137 websites |
 Italy | 70 websites |
 Germany | 50 websites |
 GB | 50 websites |
 France | 49 websites |
 Spain | 26 websites |
 India | 25 websites |
 Turkey | 17 websites |
 Cyprus | 17 websites |
 Netherlands | 16 websites |
Website Distribution by TLD
Number of websites using CVE-2024-8943| .com | 277 websites |
| .it | 64 websites |
| .co.uk | 25 websites |
| .fr | 19 websites |
| .de | 18 websites |
| .org | 13 websites |
| .es | 12 websites |
| .nl | 11 websites |
| .pl | 10 websites |
| .io | 9 websites |
Websites affected by CVE-2024-8943
Top websites that are affected by CVE-2024-8943. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| ******.io | United States | ***,*** | |
| ********.com | United States | *,***,*** | |
| ***************.com | Italy | *,***,*** | |
| **************.com | Germany | *,***,*** | |
| ***************.***.uk | GB | *,***,*** | |
| ******.*********.com | United States | *,***,*** | |
| *****.com | United States | *,***,*** | |
| ***************.com | United States | *,***,*** | |
| ******.***************.com | France | *,***,*** | |
| ********.com | United States | *,***,*** |
FAQ
CVE-2024-8943 is Authentication Bypass Using an Alternate Path or Channel in LatePoint
A total of 683 websites have been identified as vulnerable to CVE-2024-8943, based on global website indexing conducted by WebTechSurvey.
The LatePoint is affected by the CVE-2024-8943 vulnerability.
LatePoint versions up to and including 5.0.12 are vulnerable to CVE-2024-8943.