CVE-2025-15473 WordPress — Exploit & Vulnerability Details NONE

Parameter	Value
Affected Versions	before 1.0.52
Vendor	WordPress
Public PoC	No

The Timetics WordPress plugin before 1.0.52 does not have authorization in a REST endpoint, allowing unauthenticated users to arbitrarily change a booking's payment status and post status for the "timetics-booking" custom post type.

References 1

https://wpscan.com/vulnerability/f355e4ac-7aa6-4c5b-b1e5-b37937156583/

contact@wpscan.com

Share Post Share Share Share

Related Vulnerabilities

CVE-2026-2687

WordPress

None

CVE-2026-3657

WordPress

7.5

CVE-2026-3226

WordPress

4.3

CVE-2026-3496

WordPress

7.5

CVE-2026-3178

WordPress

7.2

Menu

CVE-2025-15473

References 1

Related Vulnerabilities

CVE-2026-2687

CVE-2026-3657

CVE-2026-3226

CVE-2026-3496

CVE-2026-3178

CVE Details

Editor's Choice

Menu

CVE-2025-15473

References 1

Related Vulnerabilities

CVE-2026-2687

CVE-2026-3657

CVE-2026-3226

CVE-2026-3496

CVE-2026-3178

CVE Details

Editor's Choice

Stay informed on cybersecurity