Threats Tagged 'cve-2026-5234'
View all threats tagged with 'cve-2026-5234'. Filter and sort to focus on specific types of threats.
Stop chasing alerts. Route them.
Start free, then upgrade once to turn Radar into an automated delivery engine for your security stack.
Custom feeds / Automations: email, Slack, webhooks, SIEM/MISP / API access (baseline limits)
API access activates after upgrading in Console -> Billing.
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.
Filter Threats
Narrow down the results by type, severity, or affected countries
Threats Tagged 'cve-2026-5234'
Click on any threat for detailed analysis and mitigation recommendations
CVE-2026-5234: CWE-639 Authorization Bypass Through User-Controlled Key in latepoint LatePoint – Calendar Booking Plugin for Appointments and EventsCVE-2026-5234 0 The LatePoint WordPress plugin up to version 5. 3. 2 contains an insecure direct object reference vulnerability (CWE-639) in the OsStripeConnectController::create_payment_intent_for_transaction action. This action is publicly accessible without authentication and allows unauthenticated attackers to enumerate invoice IDs and create unauthorized transaction intent records. Sensitive financial data including invoice IDs, order IDs, customer IDs, charge amounts, and Stripe payment intent client secrets can be exposed. Other invoice-related actions in the plugin require cryptographic access keys, but this particular action does not, leading to the authorization bypass. The vulnerability has a CVSS score of 5. 3 (medium severity). No official patch or remediation guidance is currently available from the vendor. Join the discussion | CVE Database V5 | 04/17/2026, 03:36:44 UTC Added: 04/17/2026, 04:31:52 UTC |
Showing 1 to 1 of 1 result