cleantalk
Vulnerabilities and Security Researches

Timetics- AI-powered Appointment Booking with Visual Seat Plan and ultimate Calendar Scheduling, CVE-2025-15473

CVE, Research URL

CVE-2025-15473

Home page URL

Security reports for Timetics- AI-powered Appointment Booking with Visual Seat Plan and ultimate Calendar Scheduling

Application

Timetics- AI-powered Appointment Booking with Visual Seat Plan and ultimate Calendar Scheduling

Published on
Mar 12, 2026
Research Description
The Timetics WordPress plugin before 1.0.52 does not have authorization in a REST endpoint, allowing unauthenticated users to arbitrarily change a booking's payment status and post status for the "timetics-booking" custom post type.
Affected versions
max 1.0.52.
Status
vulnerable
Previous vulnerability researches
YayMail – WooCommerce Email Customizer (CVE-2026-27327) , Mar 29, 2026
New vulnerability
Gallery Block (Meow Gallery) (CVE-2026-32418) , Mar 30, 2026
Master Addons for Elementor (CVE-2026-32462) , Mar 30, 2026
Elementor Addon Elements (CVE-2026-28131) , Mar 30, 2026
PublishPress Revisions: Duplicate Posts, Submit, Approve and Schedule Content Changes (CVE-2026-32539) , Mar 30, 2026
Kargo Takip (CVE-2026-25365) , Mar 30, 2026