CVE-2025-67915 HIGH

CVE-2025-67915: WordPress Timetics plugin <= 1.0.46 - Broken Authentication vulnerability

Vendor: Arraytics
Product: Timetics
Weakness: CWE-288
Published: January 8, 2026
Last update: April 28, 2026

CVSS base score

8.8/10
Attack vector: Network
Attack complexity: Low
Privileges required: Low
User interaction: None
Confidentiality: High
Integrity: High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01 Description

Authentication Bypass Using an Alternate Path or Channel vulnerability in Arraytics Timetics (timetics) allows Authentication Abuse. This issue affects Timetics: from n/a through <= 1.0.46.

Explanation of Vulnerability in Simple Terms

02 Summary

Timetics versions up to 1.0.46 contain an authentication bypass vulnerability that allows an attacker with low-level privileges to read, modify, or delete sensitive data and disrupt service availability. The vulnerability stems from improper authentication handling and can be exploited over the network without user interaction. Update to version 1.0.47 or later to remediate.

What an attacker can do

03 Attacker Capabilities

Read, modify, or delete data; disrupt service availability.

Potential impact on your site

04 Site Impact

Unauthorized data access, modification, or loss; potential service downtime.

Conditions required to exploit

05 Prerequisites

Low-level user account on the system; network access.

Key dates

06 Disclosure timeline

January 8, 2026: CVE published
April 28, 2026: Record updated