CVE-2025-15473
CVE-2025-15473 concerns the Timetics WordPress plugin, prior to version 1.0.52 , which exposes a REST endpoint without proper authorization. This allows unauthenticated users to arbitrarily change a booking’s payment status and post status for the timetics-booking custom post type. The vulnerabil...