PT-2026-1426 · WordPress · Wp Timetics
Greenhats
·
Publicado
2026-01-06
·
Atualizado
2026-01-06
·
CVE-2025-5919
CVSS v3.1
6.5
Média
| Vetor | AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
WP Timetics versions prior to 1.0.37
Description
The Appointment Booking and Scheduling Calendar Plugin – WP Timetics for WordPress is susceptible to unauthorized access and modification of data. This is due to a missing capability check on the
update and register routes functions. An unauthenticated attacker can view and modify booking details.Recommendations
Update to version 1.0.37 or later.
Correção
Missing Authorization
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Wp Timetics