CVE-2024-1094
The Timetics- AI-powered Appointment Booking with Visual Seat Plan and
Description
Description
The Timetics- AI-powered Appointment Booking with Visual Seat Plan and ultimate Calendar Scheduling plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the make_staff function in all versions up to, and including, 1.0.21. This makes it possible for unauthenticated attackers to grant users staff permissions.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Affected Vendors & Products
| Vendor | Product | Version |
|---|---|---|
| timetics | appointment_booking | From 1.0.0 (inc) to 1.0.22 (exc) |
| timetics | ultimate_calendar_scheduling | From 1.0.0 (inc) to 1.0.22 (exc) |
| timetics | visual_seat_plan | From 1.0.0 (inc) to 1.0.22 (exc) |
Helpful Resources
Exploitability
CWE
KEV
Currently, no data is known.
Attack-Flow Graph
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
Meta Information
CVE Publication Date:
2024-06-14
CVE Last Modified Date:
2024-06-17
Report Generation Date:
2025-09-23
EPSS Last Evaluated Date:
2025-08-20
NVD Report Link: