38 matches found
CVE-2026-39432
CVE-2026-39432 affects WordPress Timetics plugin (versions ≤ 1.0.53). The issue is a Missing Authorization vulnerability described as Broken Access Control, allowing exploitation due to incorrectly configured access control levels. CVSSv3.1 base score 8.2 (HIGH) with network attack vector, low at...
CVE-2026-39432 WordPress Timetics plugin <= 1.0.53 - Broken Access Control vulnerability
Missing Authorization vulnerability in Arraytics Timetics allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Timetics: from n/a through 1.0.53...
WordPress plugin Timetics 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...
WordPress Timetics plugin <= 1.0.53 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Simone Maion in WordPress Plugin Timetics versions = 1.0.53...
CVE-2025-15473
The Timetics WordPress plugin before 1.0.52 does not have authorization in a REST endpoint, allowing unauthenticated users to arbitrarily change a booking's payment status and post status for the "timetics-booking" custom post type...
WordPress Timetics plugin < 1.0.52 - Unauthenticated Payment/Booking Status Update vulnerability
Unauthenticated Payment/Booking Status Update vulnerability discovered by Khaled Alenazi Nxploited in WordPress Plugin Timetics versions 1.0.52...
CVE-2025-15473 Timetics < 1.0.52 - Unauthenticated Payment/Booking Status Update
The Timetics WordPress plugin before 1.0.52 does not have authorization in a REST endpoint, allowing unauthenticated users to arbitrarily change a booking's payment status and post status for the "timetics-booking" custom post type...
CVE-2025-15473
The Timetics WordPress plugin (versions prior to 1.0.52) exposes a REST endpoint with insufficient authorization, allowing unauthenticated actors to arbitrarily modify a booking’s payment status and post status for the custom post type timetics-booking. The description does not provide exploit de...
CVE-2025-15473
The Timetics WordPress plugin before 1.0.52 does not have authorization in a REST endpoint, allowing unauthenticated users to arbitrarily change a booking's payment status and post status for the "timetics-booking" custom post type...
PT-2026-24924
The Timetics WordPress plugin before 1.0.52 does not have authorization in a REST endpoint, allowing unauthenticated users to arbitrarily change a booking's payment status and post status for the "timetics-booking" custom post type...
CVE-2025-67915 WordPress Timetics plugin <= 1.0.46 - Broken Authentication vulnerability
Authentication Bypass Using an Alternate Path or Channel vulnerability in Arraytics Timetics timetics allows Authentication Abuse.This issue affects Timetics: from n/a through = 1.0.46...
CVE-2025-67915
CVE-2025-67915 affects the Timetics: Appointment Booking Calendar (WP Timetics Booking Plugin) Timetics <= 1.0.46. Wordfence reports an Incorrect Authorization issue (Authenticated Timetics Customer+) that enables user creation, i.e., an authentication/authorization bypass leading to account c...
WordPress plugin Timetics 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...
CVE-2025-5919
CVE-2025-5919 affects the WordPress plugin “Appointment Booking Calendar – WP Timetics Booking Plugin.” The vulnerability stems from a missing capability check in the update and register_routes functions across versions up to 1.0.36, allowing unauthenticated attackers to view and modify booking d...
CVE-2025-5919 Appointment Booking and Scheduling Calendar Plugin – WP Timetics <= 1.0.36 - Missing Authorization to Unauthenticated Booking Details View And Modification
The Appointment Booking and Scheduling Calendar Plugin – WP Timetics plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on the update and registerroutes functions in all versions up to, and including, 1.0.36. This makes it possible...
WordPress Timetics plugin <= 1.0.46 - Broken Authentication vulnerability
Broken Authentication vulnerability discovered by daroo in WordPress Plugin Timetics versions = 1.0.46...
CVE-2025-64268 WordPress Timetics plugin <= 1.0.44 - Broken Access Control vulnerability
Missing Authorization vulnerability in Arraytics Timetics timetics allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Timetics: from n/a through = 1.0.44...
CVE-2025-64268 WordPress Timetics plugin <= 1.0.44 - Broken Access Control vulnerability
Missing Authorization vulnerability in Arraytics Timetics timetics allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Timetics: from n/a through = 1.0.44...
WordPress Timetics plugin <= 1.0.44 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by MD ISMAIL in WordPress Plugin Timetics versions = 1.0.44...
EUVD-2024-34018
Malicious code in bioql PyPI...