Skip to main content

Timetics

2 CVEs product

Monthly

CVE-2026-57674 HIGH This Week

Cross-Site Scripting in the Timetics WordPress appointment-booking plugin (by Arraytics) affects all versions up to and including 1.0.58, allowing unauthenticated remote attackers to inject script that executes in a victim's browser after the victim interacts with a crafted link or page. Because the CVSS scope is changed (S:C), a successful injection can affect resources beyond the vulnerable component, such as the browser session of a logged-in administrator. There is no public exploit identified at time of analysis, the CVE is not listed in CISA KEV, and no EPSS score was provided.

XSS Timetics
NVD VulDB
CVSS 3.1
7.1
EPSS
0.2%
CVE-2026-39432 HIGH This Week

Missing authorization in Timetics WordPress plugin through version 1.0.53 allows unauthenticated remote attackers to bypass access controls and access sensitive administrative functions or data. With CVSS 8.2 (High), the vulnerability enables high confidentiality impact and low integrity impact against network-accessible instances. Patchstack reported this broken access control flaw, indicating potential exposure of booking systems, customer data, or administrative operations to unauthorized access without authentication.

Authentication Bypass Timetics
NVD VulDB
CVSS 3.1
8.2
EPSS
0.0%
EPSS 0% CVSS 7.1
HIGH This Week

Cross-Site Scripting in the Timetics WordPress appointment-booking plugin (by Arraytics) affects all versions up to and including 1.0.58, allowing unauthenticated remote attackers to inject script that executes in a victim's browser after the victim interacts with a crafted link or page. Because the CVSS scope is changed (S:C), a successful injection can affect resources beyond the vulnerable component, such as the browser session of a logged-in administrator. There is no public exploit identified at time of analysis, the CVE is not listed in CISA KEV, and no EPSS score was provided.

XSS Timetics
NVD VulDB
EPSS 0% CVSS 8.2
HIGH This Week

Missing authorization in Timetics WordPress plugin through version 1.0.53 allows unauthenticated remote attackers to bypass access controls and access sensitive administrative functions or data. With CVSS 8.2 (High), the vulnerability enables high confidentiality impact and low integrity impact against network-accessible instances. Patchstack reported this broken access control flaw, indicating potential exposure of booking systems, customer data, or administrative operations to unauthorized access without authentication.

Authentication Bypass Timetics
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy