VYPR

Timetics

by WordPress

Source repositories

CVEs (11)

  • CVE-2025-67915HigJan 8, 2026
    risk 0.57cvss 8.8epss 0.00

    Authentication Bypass Using an Alternate Path or Channel vulnerability in Arraytics Timetics timetics allows Authentication Abuse.This issue affects Timetics: from n/a through <= 1.0.46.

  • CVE-2024-9263CriOct 17, 2024
    risk 0.57cvss 9.8epss 0.01

    The WP Timetics- AI-powered Appointment Booking Calendar and Online Scheduling Plugin plugin for WordPress is vulnerable to Account Takeover/Privilege Escalation via Insecure Direct Object Reference in all versions up to, and including, 1.0.25 via the save() due to missing…

  • CVE-2026-39432HigMay 12, 2026
    risk 0.53cvss 8.2epss 0.00

    Missing Authorization vulnerability in Arraytics Timetics allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Timetics: from n/a through 1.0.53.

  • CVE-2025-64268HigDec 18, 2025
    risk 0.49cvss 7.5epss 0.00

    Missing Authorization vulnerability in Arraytics Timetics timetics allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Timetics: from n/a through <= 1.0.44.

  • CVE-2025-5919MedJan 6, 2026
    risk 0.42cvss 6.5epss 0.00

    The Appointment Booking and Scheduling Calendar Plugin – WP Timetics plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on the update and register_routes functions in all versions up to, and including, 1.0.36.…

  • CVE-2024-1094HigJun 14, 2024
    risk 0.40cvss 7.3epss 0.01

    The Timetics- AI-powered Appointment Booking with Visual Seat Plan and ultimate Calendar Scheduling plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the make_staff() function in all versions up to, and including,…

  • CVE-2025-30828MedMar 27, 2025
    risk 0.34cvss 5.3epss 0.00

    Missing Authorization vulnerability in Arraytics Timetics timetics allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Timetics: from n/a through <= 1.0.29.

  • CVE-2024-37427MedNov 1, 2024
    risk 0.34cvss 5.3epss 0.00

    Missing Authorization vulnerability in Arraytics Timetics allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Timetics: from n/a through 1.0.21.

  • CVE-2025-15473MedMar 12, 2026
    risk 0.28cvss 4.3epss 0.00

    The Timetics WordPress plugin before 1.0.52 does not have authorization in a REST endpoint, allowing unauthenticated users to arbitrarily change a booking's payment status and post status for the "timetics-booking" custom post type.

  • CVE-2024-11275MedDec 13, 2024
    risk 0.28cvss 4.3epss 0.00

    The WP Timetics- AI-powered Appointment Booking Calendar and Online Scheduling Plugin plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the /wp-json/timetics/v1/customers/ REST API endpoint in all versions up to, and including,…

  • CVE-2024-43923Nov 1, 2024
    risk 0.00cvss epss 0.01

    Missing Authorization vulnerability in Arraytics Timetics allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Timetics: from n/a through 1.0.23.