Privilege Escalation Vulnerability in LatePoint Plugin by WordPress
CVE-2026-49083

7.5HIGH

Key Information:

Vendor: WordPress
Status: Latepoint
Vendor: CVE Published:; 15 June 2026

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2026-49083?

A contributor privilege escalation vulnerability exists in the LatePoint Plugin for WordPress, allowing unauthorized users to elevate their permissions and potentially gain access to restricted areas of the website. This issue affects versions up to 5.5.1, making it crucial for site administrators to apply remediation to protect sensitive data and maintain integrity.

Affected Version(s)

LatePoint <= 5.5.1

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2026-49083
Created by izxci

References

https://patchstack.com/database/wordpress/plugin/latepoin...

vdb-entry

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

🟡
Public PoC available
Jun 17, 2026
👾
Exploit known to exist
Jun 17, 2026
Vulnerability published
Jun 15, 2026
Vulnerability Reserved
May 27, 2026

Credit

VanTastic | Patchstack Bug Bounty Program

CVE-2026-49083 Data

JSON