cleantalk
Vulnerabilities and Security Researches

Timetics- AI-powered Appointment Booking with Visual Seat Plan and ultimate Calendar Scheduling, CVE-2025-5919

CVE, Research URL

CVE-2025-5919

Home page URL

Security reports for Timetics- AI-powered Appointment Booking with Visual Seat Plan and ultimate Calendar Scheduling

Application

Timetics- AI-powered Appointment Booking with Visual Seat Plan and ultimate Calendar Scheduling

Published on
Jan 06, 2026
Research Description
The Appointment Booking and Scheduling Calendar Plugin – WP Timetics plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on the update and register_routes functions in all versions up to, and including, 1.0.36. This makes it possible for unauthenticated attackers to view and modify booking details.
Affected versions
max 1.0.37.
Status
vulnerable
Previous vulnerability researches
Trust Payments Gateway for WooCommerce (CVE-2025-28942) , Mar 23, 2025
New vulnerability
Timetics- AI-powered Appointment Booking with Visual Seat Plan and ultimate Calendar Scheduling (CVE-2025-5919) , Apr 18, 2026
WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible (CVE-2026-0845) , Apr 18, 2026
CodeColorer (CVE-2026-4032) , Apr 17, 2026
VI: Include Post By (CVE-2026-5717) , Apr 17, 2026
Responsive Accordion Slider (CVE-2026-0635) , Apr 17, 2026