PT-2024-39522 · WordPress · Wp Timetics- Ai-Powered Appointment Booking Calendar/Online Scheduling Plugin
Name of the Vulnerable Software and Affected Versions: WP Timetics- AI-powered Appointment Booking Calendar and Online Scheduling Plugin plugin for WordPress versions up to, and including, 1.0.25 Description: The issue allows for Account Takeover and Privilege Escalation via Insecure Direct Objec...
WordPress Timetics Plugin <= 1.0.25 is vulnerable to Privilege Escalation
Software: Timetics; Type: Plugin; Vulnerable versions: <= 1.0.25; Fixed in: 1.0.26; OWASP Top 10: A1: Broken Access Control; Classification: Privilege Escalation; CVE: CVE-2024-9263; Patch priority: High; CVSS severity: High 9.8; PSID: 9e7b0505f08b; Credits: wesley wcraft; Required privilege...
WordPress Timetics plugin <= 1.0.23 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Manab Jyoti Dowarah Patchstack Alliance in WordPress Plugin Timetics versions <= 1.0.23...
WordPress Timetics Plugin <= 1.0.23 is vulnerable to Sensitive Data Exposure
Software: Timetics; Type: Plugin; Vulnerable versions: <= 1.0.23; Fixed in: 1.0.24; OWASP Top 10: A1: Broken Access Control; Classification: Sensitive Data Exposure; CVE: CVE-2024-43923; Patch priority: Low; CVSS severity: Low 5.3; PSID: 0ab309ff3351; Credits: Manab Jyoti Dowarah; Required...
WordPress Timetics plugin <= 1.0.21 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Manab Jyoti Dowarah Patchstack Alliance in WordPress Plugin Timetics versions <= 1.0.21...
WordPress Timetics Plugin <= 1.0.21 is vulnerable to Broken Access Control
Software: Timetics; Type: Plugin; Vulnerable versions: <= 1.0.21; Fixed in: 1.0.22; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-37427; Patch priority: Low; CVSS severity: Low 5.3; PSID: d73e6a480d4b; Credits: Manab Jyoti Dowarah; Required...
CVE-2024-1094
The CVE-2024-1094 entry concerns the Timetics WP Timetics- AI-powered Appointment Booking with Visual Seat Plan and Calendar Scheduling plugin for WordPress. Affected versions are all up to and including 1.0.21, with a missing capability check in make_staff() that allows unauthenticated users to ...
CVE-2024-1094 Timetics- AI-powered Appointment Booking with Visual Seat Plan and ultimate Calendar Scheduling Plugin <= 1.0.21 - Missing Authorization to Limited Privilege Escalation
The Timetics- AI-powered Appointment Booking with Visual Seat Plan and ultimate Calendar Scheduling plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the make_staff function in all versions up to, and including, 1.0.21. This makes it...
WordPress Timetics plugin <= 1.0.21 - Missing Authorization to Limited Privilege Escalation vulnerability
Missing Authorization to Limited Privilege Escalation vulnerability discovered by Francesco Carlucci in WordPress Plugin Timetics versions <= 1.0.21...
WordPress Timetics Plugin <= 1.0.21 is vulnerable to Privilege Escalation
Software: Timetics; Type: Plugin; Vulnerable versions: <= 1.0.21; Fixed in: 1.0.22; OWASP Top 10: A7: Identification and Authentication Failures; Classification: Privilege Escalation; CVE: CVE-2024-1094; Patch priority: High; CVSS severity: High 7.3; PSID: e5288aa160e9; Credits: Francesco...
WordPress plugin Timetics security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
Timetics- AI-powered Appointment Booking with Visual Seat Plan and ultimate Calendar Scheduling Plugin < 1.0.22 - Missing Authorization to Limited Privilege Escalation
Description: The Timetics- AI-powered Appointment Booking with Visual Seat Plan and ultimate Calendar Scheduling plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the make_staff function in all versions up to, and including, 1.0.21. This...