2026-03-12 06:00:11
WPScan
PUBLISHED
The Timetics WordPress plugin before 1.0.52 does not have authorization in a REST endpoint, allowing unauthenticated users to arbitrarily change a bookings payment status and post status for the "timetics-booking" custom post type.