Timetics – Appointment Booking & Scheduling
Approved changes feed: RSS · Atom
cpe:2.3:a:arraytics:timetics_–_appointment_booking_&_scheduling:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Arraytics (98c4a677-eca5-5990-824d-c40dd8bba32b) |
|---|---|
| Product | Timetics – Appointment Booking & Scheduling (003edbb6-a900-517f-b1f7-a675adafa06b) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2025-5919 |
vulnerable | 2026-06-08 07:37:26.069434 |
Appointment Booking and Scheduling Calendar Plugin – WP Timetics <= 1.0.36 - Missing Authorization to Unauthenticated Booking Details View And Modification
MEDIUM (6.5)
The Appointment Booking and Scheduling Calendar Plugin – WP Timetics plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on the update and register_routes functions in all versions up to, and including, 1.0.36. This makes it possible for unauthenticated attackers to view and modify booking details.
Published: 2026-01-06T08:21:49.906Z
Updated: 2026-04-08T17:26:57.217Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-9263 |
vulnerable | 2026-06-08 07:00:27.025782 |
WP Timetics- AI-powered Appointment Booking Calendar and Online Scheduling Plugin <= 1.0.25 - Insecure Direct Object Reference to Unauthenticated Arbitrary User Password/Email Reset/Account Takeover
CRITICAL (9.8)
The WP Timetics- AI-powered Appointment Booking Calendar and Online Scheduling Plugin plugin for WordPress is vulnerable to Account Takeover/Privilege Escalation via Insecure Direct Object Reference in all versions up to, and including, 1.0.25 via the save() due to missing validation on a user controlled key. This makes it possible for unauthenticated attackers to reset the emails and passwords of arbitrary user accounts, including administrators, which makes account takeover and privilege escalation possible.
Published: 2024-10-17T03:32:49.162Z
Updated: 2026-04-08T17:01:13.486Z Reference links
|
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-1094 |
vulnerable | 2026-06-08 06:25:39.239037 |
Timetics- AI-powered Appointment Booking with Visual Seat Plan and ultimate Calendar Scheduling Plugin <= 1.0.21 - Missing Authorization to Limited Privilege Escalation
HIGH (7.3)
The Timetics- AI-powered Appointment Booking with Visual Seat Plan and ultimate Calendar Scheduling plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the make_staff() function in all versions up to, and including, 1.0.21. This makes it possible for unauthenticated attackers to grant users staff permissions. CVE-2024-37427 is likely a duplicate of this issue.
Published: 2024-06-14T04:36:54.514Z
Updated: 2026-04-08T17:01:37.011Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-11275 |
vulnerable | 2026-06-08 06:23:49.288474 |
WP Timetics- AI-powered Appointment Booking Calendar and Online Scheduling Plugin <= 1.0.27 - Missing Authorization to Authenticated (Subscriber+) Arbitrary User Deletion
MEDIUM (4.3)
The WP Timetics- AI-powered Appointment Booking Calendar and Online Scheduling Plugin plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the /wp-json/timetics/v1/customers/ REST API endpoint in all versions up to, and including, 1.0.27. This makes it possible for authenticated attackers, with Timetics Customer access and above, to delete arbitrary users.
Published: 2024-12-13T08:24:52.066Z
Updated: 2026-04-08T17:26:23.803Z Reference links
|
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.