Back to search
CVE-2025-15473
Published: Mar 12, 2026
Modified: Mar 12, 2026
PUBLISHED
Description
The Timetics WordPress plugin before 1.0.52 does not have authorization in a REST endpoint, allowing unauthenticated users to arbitrarily change a booking's payment status and post status for the "timetics-booking" custom post type.
| Vendor | Product | Versions |
|---|---|---|
Unknown | Timetics | affected 0 - < 1.0.52 |
References
https://wpscan.com/vulnerability/f355e4ac-7aa6-4c5b-b1e5-b37937156583/
exploit
vdb-entry
technical-description
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now