WP Timetics- AI-powered Appointment Booking Calendar and Online Scheduling Plugin < 1.0.26 – Insecure Direct Object Reference to Unauthenticated Arbitrary User Password/Email Reset/Account Takeover | CVE 2024-9263 | Plugin Vulnerabilities

Description

The WP Timetics- AI-powered Appointment Booking Calendar and Online Scheduling Plugin plugin for WordPress is vulnerable to Account Takeover/Privilege Escalation via Insecure Direct Object Reference in all versions up to, and including, 1.0.25 via the save() due to missing validation on a user controlled key. This makes it possible for unauthenticated attackers to reset the emails and passwords of arbitrary user accounts, including administrators, which makes account takeover and privilege escalation possible.

Affects Plugins

Fixed in 1.0.26

References

CVE

URL

https://www.wordfence.com/threat-intel/vulnerabilities/id/74bd595b-d2fa-4c62-82d2-dba2c2b128f0

Classification

Type

IDOR

OWASP top 10

A5: Broken Access Control

CWE

CVSS

Miscellaneous

Original Researcher

wesley (wcraft)

Verified

No

WPVDB ID

17c7a023-49e1-4086-a8fa-0da554c59cca

Timeline

Publicly Published

2024-10-16 (about 1 year ago)

Added

2024-10-16 (about 1 year ago)

Last Updated

2024-10-17 (about 1 year ago)

Other

Published

Title

Published

2024-08-16

Title

Zephyr Project Manager < 3.3.101 - Authenticated (Subscriber+) Insecure Direct Object Reference

Published

2023-06-23

Title

JS Help Desk - Best Help Desk & Support < 2.7.8 - Subscriber+ Ticket Manipulation via IDOR

Published

2023-06-27

Title

LearnDash LMS < 4.6.0.1 - User Account Takeover via Insecure Direct Object References

Published

2026-02-05

Title

Timeline Block < 1.3.4 - Insecure Direct Object Reference to Authenticated (Author+) Private Timeline Exposure via Shortcode Attribute

Published

2022-10-21

Title

Quiz And Survey Master < 7.3.7 - Multiple Author+ IDOR