CVE-2025-5919
Published 2026-01-06
CVE-2025-5919: The Appointment Booking and Scheduling Calendar Plugin – WP Timetics plugin for WordPress is vulnerable to unauthorized access and modification of data due to…
Priority P3 · 38 · medium · 6.5 · CVSS 3.1
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
EPSS: 0.21% (11.2th percentile)
The Appointment Booking and Scheduling Calendar Plugin – WP Timetics plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on the update and register_routes functions in all versions up to, and including, 1.0.36. This makes it possible for unauthenticated attackers to view and modify booking details.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| arraytics | timetics_appointment_booking_scheduling | <= 1.0.36 | — |
No detection rules found.
No public exploits indexed.
Wiz
CVE-2025-5919 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 6.5
## CVE-2025-5919: WordPress vulnerability analysis and mitigation
The Appointment Booking and Scheduling Calendar Plugin – WP Timetics plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on the update and register_routes functions in all versions up to, and including, 1.0.36. This makes it possible for unauthenticated attackers to view and modify booking details.
Source: NVD
Score: 6.5
Published: January 6, 2026
Severity: MEDIUM
CNA Score: 6.5
Affected Technologies: WordPress
Has Public Exploit: No
Has CISA KEV Exploit: No
CISA KEV Release Date: N/A
CISA KEV Due Date: N/A
Exploitation Probability Percentile (EPSS): 25.3
Exploitation Probability (EPSS): 0.1
Affected packages and libraries: timetics
Sources: NVD
Bugzilla
CVE-2025-23153 kernel: arm/crc-t10dif: fix use of out-of-scope array in crc_t10dif_arch()
bugzilla·2025-05-01·CVSS 5.5
In the Linux kernel, the following vulnerability has been resolved:
arm/crc-t10dif: fix use of out-of-scope array in crc_t10dif_arch()
Fix a silly bug where an array was used outside of its scope.
Discussion:
Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2025050128-CVE-2025-23153-5919@gregkh/T
Published: 2026-01-06