CVE-2024-1094
The Timetics- AI-powered Appointment Booking with Visual Seat Plan and
Description
Description
The Timetics- AI-powered Appointment Booking with Visual Seat Plan and ultimate Calendar Scheduling plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the make_staff function in all versions up to, and including, 1.0.21. This makes it possible for unauthenticated attackers to grant users staff permissions.
CVSS Scores
EPSS Scores
Affected Vendors & Products
Vendor | Product | Version |
---|---|---|
timetics | appointment_booking | 1.0.0 <= version < 1.0.22 |
timetics | ultimate_calendar_scheduling | 1.0.0 <= version < 1.0.22 |
timetics | visual_seat_plan | 1.0.0 <= version < 1.0.22 |
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
Meta Information
Date published:
2024-06-14
Date last modified:
2024-06-17
Date generated:
2025-02-06
NVD report: