Vulnerability Description
The Appointment Booking and Scheduling Calendar Plugin – WP Timetics plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on the update and register_routes functions in all versions up to, and including, 1.0.36. This makes it possible for unauthenticated attackers to view and modify booking details.
CVSS Score
MEDIUM
Related Weaknesses (CWE)
References
- https://plugins.trac.wordpress.org/browser/timetics/tags/1.0.36/core/bookings/ap
- https://plugins.trac.wordpress.org/browser/timetics/tags/1.0.36/core/bookings/bo
- https://www.wordfence.com/threat-intel/vulnerabilities/id/d8d50b65-7479-4140-923
FAQ
What is CVE-2025-5919?
CVE-2025-5919 is a vulnerability with a CVSS score of 6.5 (MEDIUM). The Appointment Booking and Scheduling Calendar Plugin – WP Timetics plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on the update ...
How severe is CVE-2025-5919?
CVE-2025-5919 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-5919?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.