CVE-2026-39432

CVE-2026-39432 affects WordPress Timetics plugin (versions ≤ 1.0.53). The issue is a Missing Authorization vulnerability described as Broken Access Control, allowing exploitation due to incorrectly configured access control levels. CVSSv3.1 base score 8.2 (HIGH) with network attack vector, low at...

CVE-2025-67915

CVE-2025-67915 affects the Timetics: Appointment Booking Calendar (WP Timetics Booking Plugin) Timetics <= 1.0.46. Wordfence reports an Incorrect Authorization issue (Authenticated Timetics Customer+) that enables user creation, i.e., an authentication/authorization bypass leading to account c...

CVE-2025-67915 WordPress Timetics plugin <= 1.0.46 - Broken Authentication vulnerability

Authentication Bypass Using an Alternate Path or Channel vulnerability in Arraytics Timetics timetics allows Authentication Abuse.This issue affects Timetics: from n/a through = 1.0.46...

CVE-2025-5919 Appointment Booking and Scheduling Calendar Plugin – WP Timetics <= 1.0.36 - Missing Authorization to Unauthenticated Booking Details View And Modification

The Appointment Booking and Scheduling Calendar Plugin – WP Timetics plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on the update and registerroutes functions in all versions up to, and including, 1.0.36. This makes it possible...

CVE-2025-64268 WordPress Timetics plugin <= 1.0.44 - Broken Access Control vulnerability

Missing Authorization vulnerability in Arraytics Timetics timetics allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Timetics: from n/a through = 1.0.44...

WordPress Timetics plugin <= 1.0.21 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Manab Jyoti Dowarah Patchstack Alliance in WordPress Plugin Timetics versions = 1.0.21...