1 results (0.000 seconds)

CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0

CVE-2024-43923 – WordPress Timetics plugin <= 1.0.23 - Broken Access Control vulnerability

https://notcve.org/view.php?id=CVE-2024-43923

26 Aug 2024 — Missing Authorization vulnerability in Arraytics Timetics allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Timetics: from n/a through 1.0.23. The WP Timetics- AI-powered Appointment Booking Calendar and Online Scheduling Plugin plugin for WordPress is vulnerable to unauthorized booking in all versions up to, and including, 1.0.23. This is due to the plugin not properly validating if a user is authorized to make a booking. This makes it possible for unauthenticated attackers... • https://patchstack.com/database/vulnerability/timetics/wordpress-timetics-plugin-1-0-23-broken-access-control-vulnerability?_s_id=cve • CWE-639: Authorization Bypass Through User-Controlled Key CWE-862: Missing Authorization •