97 matches found

CNNVD
added 2024/11/01 12:0 a.m. · 5 views

WordPress plugin Timetics security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

9.8 CVSS · 6.5 AI score · 0.0052 EPSS
Exploits 0 · References 1
Positive Technologies
added 2024/11/01 12:0 a.m. · 5 views

PT-2024-30784 · Arraytics · Arraytics Timetics

Name of the Vulnerable Software and Affected Versions: Arraytics Timetics versions 1.0.0 through 1.0.23
Description: The issue is related to a Missing Authorization vulnerability, which allows accessing functionality not properly constrained by ACLs.
Recommendations: For versions 1.0.0 through...

9.8 CVSS · 6.5 AI score · 0.0052 EPSS
Exploits 0 · References 4
Cvelist
added 2024/10/17 3:32 a.m. · 35 views

CVE-2024-9263 WP Timetics- AI-powered Appointment Booking Calendar and Online Scheduling Plugin <= 1.0.25 - Insecure Direct Object Reference to Unauthenticated Arbitrary User Password/Email Reset/Account Takeover

The WP Timetics- AI-powered Appointment Booking Calendar and Online Scheduling Plugin plugin for WordPress is vulnerable to Account Takeover/Privilege Escalation via Insecure Direct Object Reference in all versions up to, and including, 1.0.25 via the save due to missing validation on a user...

9.8 CVSS · 0.01146 EPSS
Exploits 0 · References 4
CNNVD
added 2024/10/17 12:0 a.m. · 2 views

WordPress plugin WP Timetics security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...

9.8 CVSS · 6.6 AI score · 0.01146 EPSS
Exploits 0 · References 5
Positive Technologies
added 2024/10/16 12:0 a.m. · 3 views

PT-2024-39522 · WordPress · Wp Timetics- Ai-Powered Appointment Booking Calendar/Online Scheduling Plugin

Name of the Vulnerable Software and Affected Versions: WP Timetics- AI-powered Appointment Booking Calendar and Online Scheduling Plugin plugin for WordPress versions up to, and including, 1.0.25
Description: The issue allows for Account Takeover and Privilege Escalation via Insecure Direct Objec...

9.8 CVSS · 7.1 AI score · 0.01146 EPSS
Exploits 0 · References 11
Patchstack
added 2024/10/16 12:0 a.m. · 19 views

WordPress Timetics Plugin <= 1.0.25 is vulnerable to Privilege Escalation

Software: Timetics; Type: Plugin; Vulnerable versions: <= 1.0.25; Fixed in: 1.0.26; OWASP Top 10: A1: Broken Access Control; Classification: Privilege Escalation; CVE: CVE-2024-9263; Patch priority: High; CVSS severity: High 9.8; PSID: 9e7b0505f08b; Credits: wesley wcraft; Required privilege...

9.8 CVSS · 6.5 AI score · 0.01146 EPSS
Exploits 0 · References 3 · Affected Software 1
Patchstack
added 2024/08/26 8:55 a.m. · 6 views

WordPress Timetics plugin <= 1.0.23 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Manab Jyoti Dowarah (Patchstack Alliance) in WordPress Plugin Timetics versions <= 1.0.23...

9.8 CVSS · 7 AI score · 0.0052 EPSS
Exploits 0 · Affected Software 1
Patchstack
added 2024/08/26 12:0 a.m. · 22 views

WordPress Timetics Plugin <= 1.0.23 is vulnerable to Sensitive Data Exposure

Software: Timetics; Type: Plugin; Vulnerable versions: <= 1.0.23; Fixed in: 1.0.24; OWASP Top 10: A1: Broken Access Control; Classification: Sensitive Data Exposure; CVE: CVE-2024-43923; Patch priority: Low; CVSS severity: Low 5.3; PSID: 0ab309ff3351; Credits: Manab Jyoti Dowarah; Required...

9.8 CVSS · 6.3 AI score · 0.0052 EPSS
Exploits 0 · References 2 · Affected Software 1
Patchstack
added 2024/06/28 8:36 a.m. · 4 views

WordPress Timetics plugin <= 1.0.21 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Manab Jyoti Dowarah (Patchstack Alliance) in WordPress Plugin Timetics versions <= 1.0.21...

5.3 CVSS · 7 AI score · 0.00326 EPSS
Exploits 0 · Affected Software 1
Patchstack
added 2024/06/28 12:0 a.m. · 18 views

WordPress Timetics Plugin <= 1.0.21 is vulnerable to Broken Access Control

Software: Timetics; Type: Plugin; Vulnerable versions: <= 1.0.21; Fixed in: 1.0.22; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-37427; Patch priority: Low; CVSS severity: Low 5.3; PSID: d73e6a480d4b; Credits: Manab Jyoti Dowarah; Required...

5.3 CVSS · 6.9 AI score · 0.00326 EPSS
Exploits 0 · References 2 · Affected Software 1
CVE
added 2024/06/14 4:36 a.m. · 57 views

CVE-2024-1094

The CVE-2024-1094 entry concerns the Timetics WP Timetics- AI-powered Appointment Booking with Visual Seat Plan and Calendar Scheduling plugin for WordPress. Affected versions are all up to and including 1.0.21, with a missing capability check in make_staff() that allows unauthenticated users to ...

7.3 CVSS · 5.9 AI score · 0.00542 EPSS
Exploits 0 · References 2
Vulnrichment
added 2024/06/14 4:36 a.m. · 17 views

CVE-2024-1094 Timetics- AI-powered Appointment Booking with Visual Seat Plan and ultimate Calendar Scheduling Plugin <= 1.0.21 - Missing Authorization to Limited Privilege Escalation

The Timetics- AI-powered Appointment Booking with Visual Seat Plan and ultimate Calendar Scheduling plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the make_staff function in all versions up to, and including, 1.0.21. This makes it...

7.3 CVSS · 5.9 AI score · 0.00542 EPSS
Exploits 0 · References 2
Cvelist
added 2024/06/14 4:36 a.m. · 30 views

CVE-2024-1094 Timetics- AI-powered Appointment Booking with Visual Seat Plan and ultimate Calendar Scheduling Plugin <= 1.0.21 - Missing Authorization to Limited Privilege Escalation

The Timetics- AI-powered Appointment Booking with Visual Seat Plan and ultimate Calendar Scheduling plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the make_staff function in all versions up to, and including, 1.0.21. This makes it...

7.3 CVSS · 0.00542 EPSS
Exploits 0 · References 2
Patchstack
added 2024/06/14 3:2 a.m. · 3 views

WordPress Timetics plugin <= 1.0.21 - Missing Authorization to Limited Privilege Escalation vulnerability

Missing Authorization to Limited Privilege Escalation vulnerability discovered by Francesco Carlucci in WordPress Plugin Timetics versions <= 1.0.21...

7.3 CVSS · 7 AI score · 0.00542 EPSS
Exploits 0 · References 1 · Affected Software 1
Patchstack
added 2024/06/14 12:0 a.m. · 12 views

WordPress Timetics Plugin <= 1.0.21 is vulnerable to Privilege Escalation

Software: Timetics; Type: Plugin; Vulnerable versions: <= 1.0.21; Fixed in: 1.0.22; OWASP Top 10: A7: Identification and Authentication Failures; Classification: Privilege Escalation; CVE: CVE-2024-1094; Patch priority: High; CVSS severity: High 7.3; PSID: e5288aa160e9; Credits: Francesco...

7.3 CVSS · 6.5 AI score · 0.00542 EPSS
Exploits 0 · References 3 · Affected Software 1
CNNVD
added 2024/06/14 12:0 a.m. · 4 views

WordPress plugin Timetics security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

7.3 CVSS · 6.5 AI score · 0.00542 EPSS
Exploits 0 · References 3
WPVulnDB
added 2024/06/13 12:0 a.m. · 9 views

Timetics- AI-powered Appointment Booking with Visual Seat Plan and ultimate Calendar Scheduling Plugin < 1.0.22 - Missing Authorization to Limited Privilege Escalation

Description: The Timetics- AI-powered Appointment Booking with Visual Seat Plan and ultimate Calendar Scheduling plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the make_staff function in all versions up to, and including, 1.0.21. This...

7.3 CVSS · 6.6 AI score · 0.00542 EPSS
Exploits 0 · References 1 · Affected Software 1