4 matches found
CVE-2026-6498
The Five Star Restaurant Reservations plugin for WordPress is vulnerable to a payment bypass via PHP type juggling in versions up to, and including, 2.7.16 This is due to the validpayment function using a PHP loose comparison == between the attacker-controlled paymentid POST parameter and the...
CVE-2025-15473
The Timetics WordPress plugin before 1.0.52 does not have authorization in a REST endpoint, allowing unauthenticated users to arbitrarily change a booking's payment status and post status for the "timetics-booking" custom post type...
CVE-2025-15473
The Timetics WordPress plugin before 1.0.52 does not have authorization in a REST endpoint, allowing unauthenticated users to arbitrarily change a booking's payment status and post status for the "timetics-booking" custom post type...
CVE-2025-15473
CVE-2025-15473 concerns the Timetics WordPress plugin, prior to version 1.0.52 , which exposes a REST endpoint without proper authorization. This allows unauthenticated users to arbitrarily change a booking’s payment status and post status for the timetics-booking custom post type. The vulnerabil...