PT-2026-1426 · WordPress · Wp Timetics
Greenhats
·
Published
2026-01-06
·
Updated
2026-01-06
·
CVE-2025-5919
CVSS v3.1
6.5
Medium
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
WP Timetics versions prior to 1.0.37
Description
The Appointment Booking and Scheduling Calendar Plugin – WP Timetics for WordPress is susceptible to unauthorized access and modification of data. This is due to a missing capability check on the
update and register routes functions. An unauthenticated attacker can view and modify booking details.Recommendations
Update to version 1.0.37 or later.
Fix
Missing Authorization
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Wp Timetics