Vulnerabilities and security researches fortimetics timetics

Jun 17, 2024

CVE, Research URL: CVE-2024-1094
Home page URL: Security reports for Timetics- AI-powered Appointment Booking with Visual Seat Plan and ultimate Calendar Scheduling
Application: Timetics- AI-powered Appointment Booking with Visual Seat Plan and ultimate Calendar Scheduling
Date: Jun 14, 2024
Research Description: The Timetics- AI-powered Appointment Booking with Visual Seat Plan and ultimate Calendar Scheduling plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the make_staff() function in all versions up to, and including, 1.0.21. This makes it possible for unauthenticated attackers to grant users staff permissions.
Affected versions: max 1.0.22.
Status: vulnerable

Jul 02, 2024

CVE, Research URL: CVE-2024-37427
Home page URL: Security reports for Timetics- AI-powered Appointment Booking with Visual Seat Plan and ultimate Calendar Scheduling
Application: Timetics- AI-powered Appointment Booking with Visual Seat Plan and ultimate Calendar Scheduling
Date: Nov 01, 2024
Research Description: Missing Authorization vulnerability in Arraytics Timetics allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Timetics: from n/a through 1.0.21.
Affected versions: max 1.0.22.
Status: vulnerable

Aug 29, 2024

CVE, Research URL: CVE-2024-43923
Home page URL: Security reports for Timetics- AI-powered Appointment Booking with Visual Seat Plan and ultimate Calendar Scheduling
Application: Timetics- AI-powered Appointment Booking with Visual Seat Plan and ultimate Calendar Scheduling
Date: Nov 01, 2024
Research Description: Missing Authorization vulnerability in Arraytics Timetics allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Timetics: from n/a through 1.0.23.
Affected versions: max 1.0.24.
Status: vulnerable

Oct 18, 2024

CVE, Research URL: CVE-2024-9263
Home page URL: Security reports for Timetics- AI-powered Appointment Booking with Visual Seat Plan and ultimate Calendar Scheduling
Application: Timetics- AI-powered Appointment Booking with Visual Seat Plan and ultimate Calendar Scheduling
Date: Oct 17, 2024
Research Description: The WP Timetics- AI-powered Appointment Booking Calendar and Online Scheduling Plugin plugin for WordPress is vulnerable to Account Takeover/Privilege Escalation via Insecure Direct Object Reference in all versions up to, and including, 1.0.25 via the save() due to missing validation on a user controlled key. This makes it possible for unauthenticated attackers to reset the emails and passwords of arbitrary user accounts, including administrators, which makes account takeover and privilege escalation possible.
Affected versions: max 1.0.26.
Status: vulnerable

Dec 15, 2024

CVE, Research URL: CVE-2024-11275
Home page URL: Security reports for Timetics- AI-powered Appointment Booking with Visual Seat Plan and ultimate Calendar Scheduling
Application: Timetics- AI-powered Appointment Booking with Visual Seat Plan and ultimate Calendar Scheduling
Date: Dec 13, 2024
Research Description: The WP Timetics- AI-powered Appointment Booking Calendar and Online Scheduling Plugin plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the /wp-json/timetics/v1/customers/ REST API endpoint in all versions up to, and including, 1.0.27. This makes it possible for authenticated attackers, with Timetics Customer access and above, to delete arbitrary users.
Affected versions: max 1.0.28.
Status: vulnerable

Apr 02, 2025

CVE, Research URL: CVE-2025-30828
Home page URL: Security reports for Timetics- AI-powered Appointment Booking with Visual Seat Plan and ultimate Calendar Scheduling
Application: Timetics- AI-powered Appointment Booking with Visual Seat Plan and ultimate Calendar Scheduling
Date: Mar 27, 2025
Research Description: Missing Authorization vulnerability in Arraytics Timetics allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Timetics: from n/a through 1.0.29.
Affected versions: max 1.0.30.
Status: vulnerable

Jan 10, 2026

CVE, Research URL: CVE-2025-64268
Home page URL: Security reports for Timetics- AI-powered Appointment Booking with Visual Seat Plan and ultimate Calendar Scheduling
Application: Timetics- AI-powered Appointment Booking with Visual Seat Plan and ultimate Calendar Scheduling
Date: Dec 18, 2025
Research Description: Missing Authorization vulnerability in Arraytics Timetics timetics allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Timetics: from n/a through <= 1.0.44.
Affected versions: max 1.0.44.
Status: vulnerable

Mar 30, 2026

CVE, Research URL: CVE-2025-15473
Home page URL: Security reports for Timetics- AI-powered Appointment Booking with Visual Seat Plan and ultimate Calendar Scheduling
Application: Timetics- AI-powered Appointment Booking with Visual Seat Plan and ultimate Calendar Scheduling
Date: Mar 12, 2026
Research Description: The Timetics WordPress plugin before 1.0.52 does not have authorization in a REST endpoint, allowing unauthenticated users to arbitrarily change a booking's payment status and post status for the "timetics-booking" custom post type.
Affected versions: max 1.0.52.
Status: vulnerable