CVE-2024-9263: CWE-639 Authorization Bypass Through User-Controlled Key in arraytics Timetics – Appointment Booking & Scheduling
The WP Timetics- AI-powered Appointment Booking Calendar and Online Scheduling Plugin plugin for WordPress is vulnerable to Account Takeover/Privilege Escalation via Insecure Direct Object Reference in all versions up to, and including, 1.0.25 via the save() due to missing validation on a user controlled key. This makes it possible for unauthenticated attackers to reset the emails and passwords of arbitrary user accounts, including administrators, which makes account takeover and privilege escalation possible.
AI Analysis
Technical Summary
The WP Timetics plugin suffers from an authorization bypass vulnerability (CWE-639) via an insecure direct object reference in the save() function. Because the plugin fails to validate a user-controlled key parameter, unauthenticated attackers can reset credentials for any user account, including those with administrative privileges. This vulnerability affects all versions up to and including 1.0.25 and has a CVSS 3.1 base score of 9.8, indicating critical severity with network attack vector, no required privileges or user interaction, and impacts confidentiality, integrity, and availability.
Potential Impact
Successful exploitation allows unauthenticated attackers to take over any user account by resetting their email and password, including administrator accounts. This leads to full system compromise, enabling privilege escalation and complete control over the affected WordPress site.
Mitigation Recommendations
No official patch or fix is currently available for this vulnerability. Users should monitor the vendor's advisory for updates and avoid using the affected versions of the plugin. As a temporary mitigation, consider disabling or removing the plugin until a fix is released. Implementing strict access controls and monitoring for suspicious activity may help reduce risk but do not fully mitigate the vulnerability.
CVE-2024-9263: CWE-639 Authorization Bypass Through User-Controlled Key in arraytics Timetics – Appointment Booking & Scheduling
Description
The WP Timetics- AI-powered Appointment Booking Calendar and Online Scheduling Plugin plugin for WordPress is vulnerable to Account Takeover/Privilege Escalation via Insecure Direct Object Reference in all versions up to, and including, 1.0.25 via the save() due to missing validation on a user controlled key. This makes it possible for unauthenticated attackers to reset the emails and passwords of arbitrary user accounts, including administrators, which makes account takeover and privilege escalation possible.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
The WP Timetics plugin suffers from an authorization bypass vulnerability (CWE-639) via an insecure direct object reference in the save() function. Because the plugin fails to validate a user-controlled key parameter, unauthenticated attackers can reset credentials for any user account, including those with administrative privileges. This vulnerability affects all versions up to and including 1.0.25 and has a CVSS 3.1 base score of 9.8, indicating critical severity with network attack vector, no required privileges or user interaction, and impacts confidentiality, integrity, and availability.
Potential Impact
Successful exploitation allows unauthenticated attackers to take over any user account by resetting their email and password, including administrator accounts. This leads to full system compromise, enabling privilege escalation and complete control over the affected WordPress site.
Mitigation Recommendations
No official patch or fix is currently available for this vulnerability. Users should monitor the vendor's advisory for updates and avoid using the affected versions of the plugin. As a temporary mitigation, consider disabling or removing the plugin until a fix is released. Implementing strict access controls and monitoring for suspicious activity may help reduce risk but do not fully mitigate the vulnerability.
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- Wordfence
- Date Reserved
- 2024-09-26T20:13:08.336Z
- Cvss Version
- 3.1
- State
- PUBLISHED
Threat ID: 699f6b47b7ef31ef0b550d24
Added to database: 2/25/2026, 9:36:07 PM
Last enriched: 4/9/2026, 3:26:40 PM
Last updated: 4/12/2026, 11:50:38 AM
Views: 10
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.