Security Advisory
CVE-2025-15473
CVE vulnerability detail — eXtreme Datacenter Security Operations
Description
The Timetics WordPress plugin before 1.0.52 does not have authorization in a REST endpoint, allowing unauthenticated users to arbitrarily change a bookings payment status and post status for the "timetics-booking" custom post type.