Arraytics Timetics Appointment Booking Scheduling vulnerabilities
4 known vulnerabilities affecting arraytics/timetics_appointment_booking_scheduling.
Total CVEs
4
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH1MEDIUM2
Vulnerabilities
Page 1 of 1
CVE-2024-9263P2CRITICALCVSS 9.8≤ 1.0.252024-10-17
CVE-2024-9263 [CRITICAL] CWE-639 CVE-2024-9263: The WP Timetics- AI-powered Appointment Booking Calendar and Online Scheduling Plugin plugin for Wor
The WP Timetics- AI-powered Appointment Booking Calendar and Online Scheduling Plugin plugin for WordPress is vulnerable to Account Takeover/Privilege Escalation via Insecure Direct Object Reference in all versions up to, and including, 1.0.25 via the save() due to missing validation on a user controlled key. This makes it possible for unauthenticat
nvd
CVE-2024-1094P3HIGHCVSS 7.3≤ 1.0.212024-06-14
CVE-2024-1094 [HIGH] CWE-862 CVE-2024-1094: The Timetics- AI-powered Appointment Booking with Visual Seat Plan and ultimate Calendar Scheduling
The Timetics- AI-powered Appointment Booking with Visual Seat Plan and ultimate Calendar Scheduling plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the make_staff() function in all versions up to, and including, 1.0.21. This makes it possible for unauthenticated attackers to grant users staff p
nvd
CVE-2025-5919P3MEDIUMCVSS 6.5≤ 1.0.362026-01-06
CVE-2025-5919 [MEDIUM] CWE-862 CVE-2025-5919: The Appointment Booking and Scheduling Calendar Plugin – WP Timetics plugin for WordPress is vulnera
The Appointment Booking and Scheduling Calendar Plugin – WP Timetics plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on the update and register_routes functions in all versions up to, and including, 1.0.36. This makes it possible for unauthenticated attackers to view and modify booki
nvd
CVE-2024-11275P4MEDIUMCVSS 4.3≤ 1.0.272024-12-13
CVE-2024-11275 [MEDIUM] CWE-639 CVE-2024-11275: The WP Timetics- AI-powered Appointment Booking Calendar and Online Scheduling Plugin plugin for Wor
The WP Timetics- AI-powered Appointment Booking Calendar and Online Scheduling Plugin plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the /wp-json/timetics/v1/customers/ REST API endpoint in all versions up to, and including, 1.0.27. This makes it possible for authenticated attackers, with Timetic
nvd