Lucene search
K

40 matches found

CVE
CVE
added 2026/07/02 11:15 a.m.14 views

CVE-2026-57674

CVE-2026-57674 affects WordPress Timetics plugin versions up to 1.0.58, with an unauthenticated Cross Site Scripting (XSS) vulnerability. The available documents identify the affected product and the issue type, including a CVSS 3.1 base score of 7.1 (HIGH) with network access, no privileges requ...

7.1CVSS5.8AI score0.00191EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/06/30 2:59 p.m.6 views

WordPress Timetics plugin <= 1.0.58 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by daroo in WordPress Plugin Timetics versions = 1.0.58...

7.1CVSS5.8AI score0.00191EPSS
Exploits0Affected Software1
CVE
CVE
added 2026/05/12 7:49 a.m.13 views

CVE-2026-39432

CVE-2026-39432 affects WordPress Timetics plugin (versions ≤ 1.0.53). The issue is a Missing Authorization vulnerability described as Broken Access Control, allowing exploitation due to incorrectly configured access control levels. CVSSv3.1 base score 8.2 (HIGH) with network attack vector, low at...

8.2CVSS5.8AI score0.00244EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/12 7:49 a.m.39 views

CVE-2026-39432 WordPress Timetics plugin <= 1.0.53 - Broken Access Control vulnerability

Missing Authorization vulnerability in Arraytics Timetics allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Timetics: from n/a through 1.0.53...

8.2CVSS0.00244EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.11 views

WordPress plugin Timetics 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

8.2CVSS5.8AI score0.00244EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/04/07 11:39 a.m.5 views

WordPress Timetics plugin <= 1.0.53 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Simone Maion in WordPress Plugin Timetics versions = 1.0.53...

5.9AI score0.00244EPSS
Exploits0Affected Software1
RedhatCVE
RedhatCVE
added 2026/03/26 3:19 p.m.5 views

CVE-2025-15473

The Timetics WordPress plugin before 1.0.52 does not have authorization in a REST endpoint, allowing unauthenticated users to arbitrarily change a booking's payment status and post status for the "timetics-booking" custom post type...

4.3CVSS5.8AI score0.00164EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/03/12 11:11 p.m.14 views

WordPress Timetics plugin < 1.0.52 - Unauthenticated Payment/Booking Status Update vulnerability

Unauthenticated Payment/Booking Status Update vulnerability discovered by Khaled Alenazi Nxploited in WordPress Plugin Timetics versions 1.0.52...

4.3CVSS5.8AI score0.00164EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/03/12 6:0 a.m.31 views

CVE-2025-15473 Timetics < 1.0.52 - Unauthenticated Payment/Booking Status Update

The Timetics WordPress plugin before 1.0.52 does not have authorization in a REST endpoint, allowing unauthenticated users to arbitrarily change a booking's payment status and post status for the "timetics-booking" custom post type...

0.00164EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/12 6:0 a.m.6 views

CVE-2025-15473

The Timetics WordPress plugin before 1.0.52 does not have authorization in a REST endpoint, allowing unauthenticated users to arbitrarily change a booking's payment status and post status for the "timetics-booking" custom post type...

5.8AI score0.00164EPSS
Exploits0References1
CVE
CVE
added 2026/03/12 6:0 a.m.15 views

CVE-2025-15473

CVE-2025-15473 concerns the Timetics WordPress plugin, prior to version 1.0.52 , which exposes a REST endpoint without proper authorization. This allows unauthenticated users to arbitrarily change a booking’s payment status and post status for the timetics-booking custom post type. The vulnerabil...

4.3CVSS5.8AI score0.00164EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/03/12 12:0 a.m.7 views

PT-2026-24924

The Timetics WordPress plugin before 1.0.52 does not have authorization in a REST endpoint, allowing unauthenticated users to arbitrarily change a booking's payment status and post status for the "timetics-booking" custom post type...

5.8AI score0.00164EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/01/08 9:17 a.m.2 views

CVE-2025-67915 WordPress Timetics plugin <= 1.0.46 - Broken Authentication vulnerability

Authentication Bypass Using an Alternate Path or Channel vulnerability in Arraytics Timetics timetics allows Authentication Abuse.This issue affects Timetics: from n/a through = 1.0.46...

8.8CVSS6.6AI score0.0037EPSS
Exploits0References1
CVE
CVE
added 2026/01/08 9:17 a.m.10 views

CVE-2025-67915

CVE-2025-67915 affects the Timetics: Appointment Booking Calendar (WP Timetics Booking Plugin) Timetics &lt;= 1.0.46. Wordfence reports an Incorrect Authorization issue (Authenticated Timetics Customer+) that enables user creation, i.e., an authentication/authorization bypass leading to account c...

8.8CVSS6.6AI score0.0037EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/01/08 12:0 a.m.3 views

WordPress plugin Timetics 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...

8.8CVSS6.8AI score0.0037EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/01/06 8:21 a.m.3 views

CVE-2025-5919 Appointment Booking and Scheduling Calendar Plugin – WP Timetics <= 1.0.36 - Missing Authorization to Unauthenticated Booking Details View And Modification

The Appointment Booking and Scheduling Calendar Plugin – WP Timetics plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on the update and registerroutes functions in all versions up to, and including, 1.0.36. This makes it possible...

6.5CVSS5AI score0.0021EPSS
Exploits0References3
CVE
CVE
added 2026/01/06 8:21 a.m.22 views

CVE-2025-5919

CVE-2025-5919 affects the WordPress plugin “Appointment Booking Calendar – WP Timetics Booking Plugin.” The vulnerability stems from a missing capability check in the update and register_routes functions across versions up to 1.0.36, allowing unauthenticated attackers to view and modify booking d...

6.5CVSS5AI score0.0021EPSS
Exploits0References3
Patchstack
Patchstack
added 2026/01/05 5:58 a.m.10 views

WordPress Timetics plugin <= 1.0.46 - Broken Authentication vulnerability

Broken Authentication vulnerability discovered by daroo in WordPress Plugin Timetics versions = 1.0.46...

9.8CVSS7AI score0.0037EPSS
Exploits0Affected Software1
Vulnrichment
Vulnrichment
added 2025/12/18 7:22 a.m.1 views

CVE-2025-64268 WordPress Timetics plugin <= 1.0.44 - Broken Access Control vulnerability

Missing Authorization vulnerability in Arraytics Timetics timetics allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Timetics: from n/a through = 1.0.44...

7.5CVSS6.6AI score0.00287EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/12/18 7:22 a.m.23 views

CVE-2025-64268 WordPress Timetics plugin <= 1.0.44 - Broken Access Control vulnerability

Missing Authorization vulnerability in Arraytics Timetics timetics allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Timetics: from n/a through = 1.0.44...

7.5CVSS0.00287EPSS
Exploits0References1
Rows per page
Query Builder