GCVE - cpe:2.3:a:arraytics:timetics:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:arraytics:timetics:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	Arraytics (`98c4a677-eca5-5990-824d-c40dd8bba32b`)
Product	Timetics (`638241d8-f02e-5833-9b2a-bc067de7bbbb`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2026-39432`	vulnerable	2026-06-08 08:01:16.503447	WordPress Timetics plugin <= 1.0.53 - Broken Access Control vulnerability HIGH (8.2) Missing Authorization vulnerability in Arraytics Timetics allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Timetics: from n/a through 1.0.53. Published: 2026-05-12T07:49:19.358Z Updated: 2026-05-12T12:43:40.710Z Open on db.gcve.eu Reference links https://patchstack.com/database/wordpress/plugin/timetics/vulnerability/wordpress-timetics-plugin-1-0-53-broken-access-control-vulnerability?_s_id=cve	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-67915`	vulnerable	2026-06-08 07:41:20.589704	WordPress Timetics plugin <= 1.0.46 - Broken Authentication vulnerability HIGH (8.8) Authentication Bypass Using an Alternate Path or Channel vulnerability in Arraytics Timetics timetics allows Authentication Abuse.This issue affects Timetics: from n/a through <= 1.0.46. Published: 2026-01-08T09:17:45.304Z Updated: 2026-04-28T16:14:23.250Z Open on db.gcve.eu Reference links https://patchstack.com/database/Wordpress/Plugin/timetics/vulnerability/wordpress-timetics-plugin-1-0-46-broken-authentication-vulnerability?_s_id=cve	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-64268`	vulnerable	2026-06-08 07:39:18.305660	WordPress Timetics plugin <= 1.0.44 - Broken Access Control vulnerability HIGH (7.5) Missing Authorization vulnerability in Arraytics Timetics timetics allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Timetics: from n/a through <= 1.0.44. Published: 2025-12-18T07:22:14.683Z Updated: 2026-04-28T18:28:44.581Z Open on db.gcve.eu Reference links https://patchstack.com/database/Wordpress/Plugin/timetics/vulnerability/wordpress-timetics-plugin-1-0-44-broken-access-control-vulnerability?_s_id=cve	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-30828`	vulnerable	2026-06-08 07:17:01.888407	WordPress Timetics plugin <= 1.0.29 - Broken Access Control vulnerability MEDIUM (5.3) Missing Authorization vulnerability in Arraytics Timetics timetics allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Timetics: from n/a through <= 1.0.29. Published: 2025-03-27T10:55:17.023Z Updated: 2026-04-28T16:11:58.667Z Open on db.gcve.eu Reference links https://patchstack.com/database/Wordpress/Plugin/timetics/vulnerability/wordpress-timetics-plugin-1-0-29-broken-access-control-vulnerability?_s_id=cve	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-9263`	vulnerable	2026-06-08 07:00:27.025148	WP Timetics- AI-powered Appointment Booking Calendar and Online Scheduling Plugin <= 1.0.25 - Insecure Direct Object Reference to Unauthenticated Arbitrary User Password/Email Reset/Account Takeover CRITICAL (9.8) The WP Timetics- AI-powered Appointment Booking Calendar and Online Scheduling Plugin plugin for WordPress is vulnerable to Account Takeover/Privilege Escalation via Insecure Direct Object Reference in all versions up to, and including, 1.0.25 via the save() due to missing validation on a user controlled key. This makes it possible for unauthenticated attackers to reset the emails and passwords of arbitrary user accounts, including administrators, which makes account takeover and privilege escalation possible. Published: 2024-10-17T03:32:49.162Z Updated: 2026-04-08T17:01:13.486Z Open on db.gcve.eu Reference links https://www.wordfence.com/threat-intel/vulnerabilities/id/74bd595b-d2fa-4c62-82d2-dba2c2b128f0?source=cve https://plugins.trac.wordpress.org/browser/timetics/tags/1.0.25/core/customers/customer.php#L299 https://plugins.trac.wordpress.org/changeset/3169771/timetics/trunk/core/customers/customer.php https://plugins.trac.wordpress.org/changeset/3169771/timetics/trunk/core/customers/api-customer.php	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-43923`	vulnerable	2026-06-08 06:45:53.228759	WordPress Timetics plugin <= 1.0.23 - Broken Access Control vulnerability MEDIUM (5.3) Missing Authorization vulnerability in Arraytics Timetics allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Timetics: from n/a through 1.0.23. Published: 2024-11-01T14:17:21.209Z Updated: 2026-04-28T16:10:13.609Z Open on db.gcve.eu Reference links https://patchstack.com/database/vulnerability/timetics/wordpress-timetics-plugin-1-0-23-broken-access-control-vulnerability?_s_id=cve	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-37427`	vulnerable	2026-06-08 06:39:47.549345	WordPress Timetics plugin <= 1.0.21 - Broken Access Control vulnerability MEDIUM (5.3) Missing Authorization vulnerability in Arraytics Timetics allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Timetics: from n/a through 1.0.21. Published: 2024-11-01T14:18:23.641Z Updated: 2026-04-28T16:09:58.612Z Open on db.gcve.eu Reference links https://patchstack.com/database/vulnerability/timetics/wordpress-timetics-plugin-1-0-21-broken-access-control-vulnerability?_s_id=cve	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.