Search
Search Results (8 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-14657 | 2 Arraytics, Wordpress | 2 Eventin, Wordpress | 2026-01-09 | 7.2 High |
| The Eventin – Event Manager, Events Calendar, Event Tickets and Registrations plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'post_settings' function in all versions up to, and including, 4.0.51. This makes it possible for unauthenticated attackers to modify plugin settings. Furthermore, due to insufficient input sanitization and output escaping on the 'etn_primary_color' setting, this enables unauthenticated attackers to inject arbitrary web scripts that will execute whenever a user accesses a page where Eventin styles are loaded. | ||||
| CVE-2025-67915 | 2 Arraytics, Wordpress | 2 Timetics, Wordpress | 2026-01-09 | 9.8 Critical |
| Authentication Bypass Using an Alternate Path or Channel vulnerability in Arraytics Timetics timetics allows Authentication Abuse.This issue affects Timetics: from n/a through <= 1.0.46. | ||||
| CVE-2025-5919 | 2 Arraytics, Wordpress | 2 Appointment Booking Calendar, Wordpress | 2026-01-08 | 6.5 Medium |
| The Appointment Booking and Scheduling Calendar Plugin – WP Timetics plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on the update and register_routes functions in all versions up to, and including, 1.0.36. This makes it possible for unauthenticated attackers to view and modify booking details. | ||||
| CVE-2025-64268 | 2 Arraytics, Wordpress | 2 Timetics, Wordpress | 2025-12-19 | 7.5 High |
| Missing Authorization vulnerability in Arraytics Timetics timetics allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Timetics: from n/a through <= 1.0.44. | ||||
| CVE-2025-30828 | 2 Arraytics, Wordpress | 2 Timetics, Wordpress | 2025-07-12 | 5.3 Medium |
| Missing Authorization vulnerability in Arraytics Timetics allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Timetics: from n/a through 1.0.29. | ||||
| CVE-2024-43923 | 1 Arraytics | 1 Wp Timetics | 2024-11-13 | 5.3 Medium |
| Missing Authorization vulnerability in Arraytics Timetics allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Timetics: from n/a through 1.0.23. | ||||
| CVE-2024-37427 | 1 Arraytics | 1 Timetics | 2024-11-01 | 5.3 Medium |
| Missing Authorization vulnerability in Arraytics Timetics allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Timetics: from n/a through 1.0.21. | ||||
| CVE-2024-9263 | 1 Arraytics | 1 Timetics | 2024-10-18 | 9.8 Critical |
| The WP Timetics- AI-powered Appointment Booking Calendar and Online Scheduling Plugin plugin for WordPress is vulnerable to Account Takeover/Privilege Escalation via Insecure Direct Object Reference in all versions up to, and including, 1.0.25 via the save() due to missing validation on a user controlled key. This makes it possible for unauthenticated attackers to reset the emails and passwords of arbitrary user accounts, including administrators, which makes account takeover and privilege escalation possible. | ||||
Page 1 of 1.