cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-11275,https://securityvulnerability.io/vulnerability/CVE-2024-11275,Unauthorized Data Deletion Vulnerability in WP Timetics,"The WP Timetics- AI-powered Appointment Booking Calendar and Online Scheduling Plugin plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the /wp-json/timetics/v1/customers/ REST API endpoint in all versions up to, and including, 1.0.27. This makes it possible for authenticated attackers, with Timetics Customer access and above, to delete arbitrary users.",Wordpress,WP Timetics- Ai-powered Appointment Booking Calendar And Online Scheduling Plugin,4.3,MEDIUM,0.0005300000193528831,false,,false,false,false,,false,false,2024-12-13T08:24:52.066Z,0
CVE-2024-9263,https://securityvulnerability.io/vulnerability/CVE-2024-9263,Vulnerability in WP Timetics Plugin Allows for Account Takeover and Privilege Escalation,"The WP Timetics Appointment Booking Calendar and Online Scheduling Plugin for WordPress has a vulnerability that allows unauthenticated attackers to execute account takeover and privilege escalation through Insecure Direct Object Reference. This issue arises from insufficient validation on a user-controlled key during the save() function, affecting all versions up to and including 1.0.25. Consequently, attackers are able to reset the email addresses and passwords of arbitrary user accounts, giving them unauthorized access to sensitive accounts, including those of administrators.",Wordpress,WP Timetics- Ai-powered Appointment Booking Calendar And Online Scheduling Plugin,9.8,CRITICAL,0.00044999999227002263,false,,false,false,false,,false,false,2024-10-17T03:32:49.162Z,0
CVE-2024-1094,https://securityvulnerability.io/vulnerability/CVE-2024-1094,Unauthorized Modification of Data in Timetics Appointment Booking Plugin,"The Timetics Appointment Booking plugin for WordPress, designed to facilitate AI-powered reservations and calendar scheduling, exhibits a vulnerability that allows unauthorized data modification. This issue arises from a lack of capability validation in the make_staff() function, present in all versions up to and including 1.0.21. The vulnerability enables unauthenticated attackers to illegitimately assign staff permissions to any user, which may lead to unauthorized access and manipulation of sensitive data within the application. Organizations using this plugin should take immediate action to mitigate potential security risks.",Wordpress,WP Timetics- Ai-powered Appointment Booking Calendar And Online Scheduling Plugin,7.3,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,2024-06-14T04:36:54.514Z,0