3 matches found
CVE-2024-1094
The Timetics- AI-powered Appointment Booking with Visual Seat Plan and ultimate Calendar Scheduling plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the makestaff function in all versions up to, and including, 1.0.21. This makes it...
CVE-2024-1094
The CVE-2024-1094 entry concerns the Timetics WP Timetics- AI-powered Appointment Booking with Visual Seat Plan and Calendar Scheduling plugin for WordPress. Affected versions are all up to and including 1.0.21, with a missing capability check in make_staff() that allows unauthenticated users to ...
WordPress Timetics Plugin <= 1.0.21 is vulnerable to Privilege Escalation
Software Timetics Type Plugin Vulnerable versions = 1.0.21 Fixed in 1.0.22 OWASP Top 10 A7: Identification and Authentication Failures Classification Privilege Escalation CVE CVE-2024-1094 Patch priority High CVSS severity High 7.3 Developer Claim ownership PSID e5288aa160e9 Credits Francesco...