Security Advisory

CVE-2025-15473

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2026-03-12 06:00:11
Last updated 2026-03-12 13:40:38
Assigner WPScan
State PUBLISHED

Description

The Timetics WordPress plugin before 1.0.52 does not have authorization in a REST endpoint, allowing unauthenticated users to arbitrarily change a bookings payment status and post status for the "timetics-booking" custom post type.