Arraytics

Products by Arraytics Sorted by Most Security Vulnerabilities since 2018

Arraytics Wp Event Solution: 6 vulnerabilities

Arraytics Timetics: 5 vulnerabilities

Arraytics Wp Cafe: 2 vulnerabilities

Arraytics Booktics: 1 vulnerability

Arraytics Wp Timetics: 1 vulnerability

By the Year

In 2026 there have been 9 vulnerabilities in Arraytics with an average score of 6.9 out of ten. Last year, in 2025, Arraytics had 8 security vulnerabilities published. That is, 1 more vulnerability has already been reported in 2026 compared to last year. Last year, the average CVE base score was greater by 0.78.

Year    Vulnerabilities    Average Score
2026    9                  6.92
2025    8                  7.70
2024    8                  6.11

It may take a day or so for new Arraytics vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent Arraytics Security Vulnerabilities

CVE Date Vulnerability Products
CVE-2026-39432 May 12, 2026
Arraytics Timetics Missing Authorization pre-1.0.53
Missing Authorization vulnerability in Arraytics Timetics allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Timetics: from n/a through 1.0.53.
Timetics
CVE-2026-4109 Apr 14, 2026
Unauthorized Data Access in Eventin Events Calendar 4.1.8
The Eventin Events Calendar, Event Booking, Ticket & Registration (AI Powered) plugin for WordPress is vulnerable to unauthorized access of data due to an improper capability check on the get_item_permissions_check() function in all versions up to, and including, 4.1.8. This makes it possible for authenticated attackers, with Subscriber-level access and above, to read arbitrary order data including customer PII (name, email, phone) by iterating order IDs.
CVE-2026-39585 Apr 08, 2026
Arraytics Booktics <1.0.16: Missing Auth Incorr. Access Ctrl
Missing Authorization vulnerability in Arraytics Booktics allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Booktics: from n/a through 1.0.16.
Booktics
CVE-2026-27071 Mar 25, 2026
Arraytics WPCafe missing auth in wpcafe <=3.0.7
Missing Authorization vulnerability in Arraytics WPCafe wp-cafe allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WPCafe: from n/a through <= 3.0.7.
Wp Cafe
CVE-2026-1919 Mar 10, 2026
Booktics WP Plugin 1.0.16 - Unauth Data Access via Missing Capability Check
The Booking Calendar for Appointments and Service Businesses Booktics plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on multiple REST API endpoints in all versions up to, and including, 1.0.16. This makes it possible for unauthenticated attackers to query sensitive data.
CVE-2026-1920 Mar 10, 2026
Unauthorized Plugin Install in Booktics (1.0.16) - Missing Capability Check
The Booking Calendar for Appointments and Service Businesses Booktics plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'Extension_Controller::update_item_permissions_check' function in all versions up to, and including, 1.0.16. This makes it possible for unauthenticated attackers to install addon plugins.
CVE-2025-68047 Jan 22, 2026
Eventin WP Plugin <=4.1.1: Deserialization of Untrusted Data OI
Deserialization of Untrusted Data vulnerability in Arraytics Eventin wp-event-solution allows Object Injection. This issue affects Eventin: from n/a through <= 4.1.3.
Wp Event Solution
CVE-2025-14657 Jan 09, 2026
Eventin Plugin <=4.0.51 Data Tampering & XSS via Missing Capability Check
The Eventin Event Manager, Events Calendar, Event Tickets and Registrations plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'post_settings' function in all versions up to, and including, 4.0.51. This makes it possible for unauthenticated attackers to modify plugin settings. Furthermore, due to insufficient input sanitization and output escaping on the 'etn_primary_color' setting, this enables unauthenticated attackers to inject arbitrary web scripts that will execute whenever a user accesses a page where Eventin styles are loaded.
CVE-2025-67915 Jan 08, 2026
Timetics Auth Bypass via Alternate Path <=1.0.46
Authentication Bypass Using an Alternate Path or Channel vulnerability in Arraytics Timetics timetics allows Authentication Abuse. This issue affects Timetics: from n/a through <= 1.0.46.
Timetics
CVE-2025-64268 Dec 18, 2025
Missing Auth in Arraytics Timetics <=1.0.44
Missing Authorization vulnerability in Arraytics Timetics timetics allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Timetics: from n/a through <= 1.0.44.
Timetics
CVE-2025-7813 Aug 23, 2025
The Events Calendar, Event Booking, Registrations and Event Tickets Eventin plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.0.37
The Events Calendar, Event Booking, Registrations and Event Tickets Eventin plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.0.37 via the proxy_image function. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.
CVE-2025-49869 Aug 14, 2025
Deser of Untrusted Data in Arraytics Eventin <4.0.31 Allows Obj Injection
Deserialization of Untrusted Data vulnerability in Arraytics Eventin wp-event-solution allows Object Injection. This issue affects Eventin: from n/a through <= 4.0.31.
Wp Event Solution
CVE-2025-47445 May 14, 2025
WordPress Plugin Eventin <=4.0.26 Path Traversal (CVE-2025-47445)
Relative Path Traversal vulnerability in Arraytics Eventin wp-event-solution allows Path Traversal. This issue affects Eventin: from n/a through <= 4.0.26.
Wp Event Solution
CVE-2025-3419 May 08, 2025
Eventin WP Plugin 4.0.26 Arbitrary File Read via proxy_image() (CVE-2025-3419)
The Event Manager, Events Calendar, Tickets, Registrations Eventin plugin for WordPress is vulnerable to arbitrary file read in all versions up to, and including, 4.0.26 via the proxy_image() function. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information. CVE-2025-47445 is a duplicate of this vulnerability.
CVE-2025-30828 Mar 27, 2025
Missing Auth in Arraytics Timetics v<1.0.29: Incorrect ACL Exploit
Missing Authorization vulnerability in Arraytics Timetics timetics allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Timetics: from n/a through <= 1.0.29.
Timetics
CVE-2025-30829 Mar 27, 2025
WPCafe <2.2.31: PHP LFI via Improper File Include Control
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Arraytics WPCafe wp-cafe allows PHP Local File Inclusion. This issue affects WPCafe: from n/a through <= 2.2.31.
Wp Cafe
CVE-2025-26964 Feb 25, 2025
PHP LFI in Themewinter Eventin <= 4.0.20
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Arraytics Eventin wp-event-solution allows PHP Local File Inclusion. This issue affects Eventin: from n/a through <= 4.0.20.
Wp Event Solution
CVE-2024-56213 Dec 31, 2024
Themewinter Eventin Path Traversal Vulnerability
Path Traversal: '.../...//' vulnerability in Arraytics Eventin wp-event-solution allows Path Traversal. This issue affects Eventin: from n/a through <= 4.0.7.
Wp Event Solution
CVE-2024-11275 Dec 13, 2024
WP Timetics Plugin: Unauthorized User Deletion Vulnerability in REST API Endpoint
The WP Timetics- AI-powered Appointment Booking Calendar and Online Scheduling Plugin plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the /wp-json/timetics/v1/customers/ REST API endpoint in all versions up to, and including, 1.0.27. This makes it possible for authenticated attackers, with Timetics Customer access and above, to delete arbitrary users.
CVE-2023-49756 Dec 09, 2024
Eventin 3.3.52 WP Plugin Missing Auth - Improper Access Control
Missing Authorization vulnerability in Arraytics Eventin wp-event-solution allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Eventin: from n/a through <= 3.3.52.
Wp Event Solution
CVE-2024-43923 Nov 01, 2024
Arraytics Timetics Missing Auth Vulnerability (1.0.23)
Missing Authorization vulnerability in Arraytics Timetics allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Timetics: from n/a through 1.0.23.
Wp Timetics
CVE-2024-6033 Jul 17, 2024
Eventin WP Plugin <4.0.4 Unauthorized Data Import (Contributor+)
The Event Manager, Events Calendar, Tickets, Registrations Eventin plugin for WordPress is vulnerable to unauthorized data importation due to a missing capability check on the 'import_file' function in all versions up to, and including, 4.0.4. This makes it possible for authenticated attackers, with Contributor-level access and above, to import events, speakers, schedules and attendee data.
CVE-2024-1094 Jun 14, 2024
Timetics WP Plugin v1.0.21 Missing Cap Check Enables Unauthorized Staff Grant
The Timetics- AI-powered Appointment Booking with Visual Seat Plan and ultimate Calendar Scheduling plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the make_staff() function in all versions up to, and including, 1.0.21. This makes it possible for unauthenticated attackers to grant users staff permissions. CVE-2024-37427 is likely a duplicate of this issue.
Timetics
CVE-2024-5427 May 31, 2024
WPCafe Reservation Form SXSS vulnerability before v2.2.24 (WooCommerce)
The WPCafe Online Food Ordering, Restaurant Menu, Delivery, and Reservations for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Reservation Form shortcode in all versions up to, and including, 2.2.24 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
CVE-2024-1122 Feb 09, 2024
Eventin Plugin WP - Auth Bypass on export_data() 3.3.50
The Event Manager, Events Calendar, Events Tickets for WooCommerce Eventin plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the export_data() function in all versions up to, and including, 3.3.50. This makes it possible for unauthenticated attackers to export event data.
Built by Foundeo Inc., with data from the National Vulnerability Database (NVD).