CVE-2024-1094
The Timetics- AI-powered Appointment Booking with Visual Seat Plan and

Publication date: 2024-06-14

Last updated on: 2024-06-17

Assigner: [email protected]

Description
The Timetics- AI-powered Appointment Booking with Visual Seat Plan and ultimate Calendar Scheduling plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the make_staff function in all versions up to, and including, 1.0.21. This makes it possible for unauthenticated attackers to grant users staff permissions.
CVSS Scores
EPSS Scores
Affected Vendors & Products
Vendor Product Version
timetics appointment_booking 1.0.0 <= version < 1.0.22
timetics ultimate_calendar_scheduling 1.0.0 <= version < 1.0.22
timetics visual_seat_plan 1.0.0 <= version < 1.0.22
Helpful Resources
Exploitability
Currently, no data is known.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
Meta Information
Date published:
2024-06-14
Date last modified:
2024-06-17
Date generated:
2025-02-06
NVD report: