cpe:2.3:a:arraytics:timetics_–_appointment_booking_&_scheduling:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor: Arraytics (98c4a677-eca5-5990-824d-c40dd8bba32b)
Product: Timetics – Appointment Booking & Scheduling (003edbb6-a900-517f-b1f7-a675adafa06b)
Edition: *
Language: *
Software edition: *
Target software: *
Target hardware: *
Other: *
Notes: Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL | Source | Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale
CVE:CVE-2025-5919 vulnerable 2026-06-08 07:37:26.069434 Appointment Booking and Scheduling Calendar Plugin – WP Timetics <= 1.0.36 - Missing Authorization to Unauthenticated Booking Details View And Modification
MEDIUM (6.5)
The Appointment Booking and Scheduling Calendar Plugin – WP Timetics plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on the update and register_routes functions in all versions up to, and including, 1.0.36. This makes it possible for unauthenticated attackers to view and modify booking details.
Published: 2026-01-06T08:21:49.906Z
Updated: 2026-04-08T17:26:57.217Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-9263 vulnerable 2026-06-08 07:00:27.025782 WP Timetics- AI-powered Appointment Booking Calendar and Online Scheduling Plugin <= 1.0.25 - Insecure Direct Object Reference to Unauthenticated Arbitrary User Password/Email Reset/Account Takeover
CRITICAL (9.8)
The WP Timetics- AI-powered Appointment Booking Calendar and Online Scheduling Plugin plugin for WordPress is vulnerable to Account Takeover/Privilege Escalation via Insecure Direct Object Reference in all versions up to, and including, 1.0.25 via the save() due to missing validation on a user controlled key. This makes it possible for unauthenticated attackers to reset the emails and passwords of arbitrary user accounts, including administrators, which makes account takeover and privilege escalation possible.
Published: 2024-10-17T03:32:49.162Z
Updated: 2026-04-08T17:01:13.486Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-1094 vulnerable 2026-06-08 06:25:39.239037 Timetics- AI-powered Appointment Booking with Visual Seat Plan and ultimate Calendar Scheduling Plugin <= 1.0.21 - Missing Authorization to Limited Privilege Escalation
HIGH (7.3)
The Timetics- AI-powered Appointment Booking with Visual Seat Plan and ultimate Calendar Scheduling plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the make_staff() function in all versions up to, and including, 1.0.21. This makes it possible for unauthenticated attackers to grant users staff permissions. CVE-2024-37427 is likely a duplicate of this issue.
Published: 2024-06-14T04:36:54.514Z
Updated: 2026-04-08T17:01:37.011Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-11275 vulnerable 2026-06-08 06:23:49.288474 WP Timetics- AI-powered Appointment Booking Calendar and Online Scheduling Plugin <= 1.0.27 - Missing Authorization to Authenticated (Subscriber+) Arbitrary User Deletion
MEDIUM (4.3)
The WP Timetics- AI-powered Appointment Booking Calendar and Online Scheduling Plugin plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the /wp-json/timetics/v1/customers/ REST API endpoint in all versions up to, and including, 1.0.27. This makes it possible for authenticated attackers, with Timetics Customer access and above, to delete arbitrary users.
Published: 2024-12-13T08:24:52.066Z
Updated: 2026-04-08T17:26:23.803Z
Imported from gcve-enriched-dumps CVE data
