WP-Safety

Timetics – Appointment Booking & Scheduling Security & Risk Analysis

wordpress.org/plugins/timetics

Appointment booking and scheduling system with online booking calendar, payments, automated reminders, and calendar sync.

2K active installs v1.0.54 PHP 7.3+ WP 5.2+ Updated Mar 27, 2026
appointment-bookingappointment-schedulerbooking-calendarbooking-systemscheduling
86
A · Safe
CVEs total10
Unpatched0
Last CVEApr 7, 2026
Plugin page Download
Safety Verdict

Is Timetics – Appointment Booking & Scheduling Safe to Use in 2026?

Generally Safe

Score 86/100

Timetics – Appointment Booking & Scheduling has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.

10 known CVEsLast CVE: Apr 7, 2026Updated 1mo ago
Risk Assessment

The "timetics" plugin v1.0.53 exhibits a mixed security posture. While it demonstrates good practices like using prepared statements for all SQL queries and a high percentage of output escaping (85%), significant concerns arise from its attack surface. Specifically, 3 out of 7 identified entry points are AJAX handlers lacking authentication checks, presenting a direct avenue for potential unauthorized actions. The taint analysis shows no critical or high-severity issues, which is a positive sign regarding immediate code execution risks. However, the plugin's vulnerability history is a major red flag. With 8 known CVEs, including one critical and one high-severity vulnerability, and a recent vulnerability reported in 2026, it suggests a recurring pattern of authorization-related weaknesses that may not be fully mitigated. The fact that none of the historical vulnerabilities are currently unpatched is a small positive, but the sheer number and nature of past issues warrant caution.

In conclusion, while the code quality regarding SQL and output escaping is commendable, the lack of authorization checks on a portion of its AJAX handlers and its history of critical and high-severity authorization bypass vulnerabilities point to a significant ongoing risk. Users should be aware that despite current unpatched vulnerabilities being zero, the plugin has a history of exploitable authorization flaws that could resurface or remain undetected.

Key Concerns

  • 3 unprotected AJAX handlers
  • 8 known CVEs (1 critical, 1 high)
  • Authorization bypass vulnerability history
Vulnerabilities
10 published

Timetics – Appointment Booking & Scheduling Security Vulnerabilities

CVEs by Year

4 CVEs in 2024
2024
2 CVEs in 2025
2025
4 CVEs in 2026
2026
Patched Has unpatched

Severity Breakdown

Critical
1
High
1
Medium
8

10 total CVEs

CVE-2026-39432medium · 5.3Missing Authorization

Timetics – Appointment Booking & Scheduling <= 1.0.53 - Missing Authorization

Apr 7, 2026 Patched in 1.0.54 (9d)
CVE-2025-15473medium · 5.3Missing Authorization

Timetics – Appointment Booking Calendar & Scheduling System < 1.0.52 - Missing Authorization

Mar 12, 2026 Patched in 1.0.52 (8d)
CVE-2025-5919medium · 6.5Missing Authorization

Appointment Booking and Scheduling Calendar Plugin – WP Timetics <= 1.0.36 - Missing Authorization to Unauthenticated Booking Details View And Modification

Jan 5, 2026 Patched in 1.0.37 (1d)
CVE-2025-67915medium · 5.3Incorrect Authorization

Timetics <= 1.0.46 - Incorrect Authorization to Authenticated (Timetics Customer+) User Creation

Jan 5, 2026 Patched in 1.0.48 (10d)
CVE-2025-64268medium · 5.3Missing Authorization

Timetics <= 1.0.44 - Missing Authorization

Nov 22, 2025 Patched in 1.0.45 (29d)
CVE-2025-30828medium · 5.3Missing Authorization

Timetics <= 1.0.29 - Missing Authorization

Mar 27, 2025 Patched in 1.0.30 (7d)
CVE-2024-11275medium · 4.3Authorization Bypass Through User-Controlled Key

WP Timetics- AI-powered Appointment Booking Calendar and Online Scheduling Plugin <= 1.0.27 - Missing Authorization to Authenticated (Subscriber+) Arbitrary User Deletion

Dec 12, 2024 Patched in 1.0.28 (1d)
CVE-2024-9263critical · 9.8Authorization Bypass Through User-Controlled Key

WP Timetics- AI-powered Appointment Booking Calendar and Online Scheduling Plugin <= 1.0.25 - Insecure Direct Object Reference to Unauthenticated Arbitrary User Password/Email Reset/Account Takeover

Oct 16, 2024 Patched in 1.0.26 (1d)
CVE-2024-43923medium · 5.3Authorization Bypass Through User-Controlled Key

Timetics <= 1.0.23 - Authorization Bypass

Aug 26, 2024 Patched in 1.0.24 (10d)
CVE-2024-1094high · 7.3Missing Authorization

Timetics- AI-powered Appointment Booking with Visual Seat Plan and ultimate Calendar Scheduling Plugin <= 1.0.21 - Missing Authorization to Limited Privilege Escalation

Jun 13, 2024 Patched in 1.0.22 (20d)
Version History

Timetics – Appointment Booking & Scheduling Release Timeline

v1.0.54Current
v1.0.531 CVE
CVE-2026-39432
v1.0.521 CVE
CVE-2026-39432
v1.0.512 CVEs
CVE-2026-39432 CVE-2025-15473
v1.0.502 CVEs
CVE-2026-39432 CVE-2025-15473
v1.0.492 CVEs
CVE-2026-39432 CVE-2025-15473
v1.0.482 CVEs
CVE-2026-39432 CVE-2025-15473
v1.0.463 CVEs
CVE-2026-39432 CVE-2025-15473 CVE-2025-67915
v1.0.453 CVEs
CVE-2026-39432 CVE-2025-15473 CVE-2025-67915
v1.0.444 CVEs
CVE-2026-39432 CVE-2025-64268 CVE-2025-15473 +1 more
v1.0.434 CVEs
CVE-2026-39432 CVE-2025-64268 CVE-2025-15473 +1 more
v1.0.424 CVEs
CVE-2026-39432 CVE-2025-64268 CVE-2025-15473 +1 more
v1.0.414 CVEs
CVE-2026-39432 CVE-2025-64268 CVE-2025-15473 +1 more
v1.0.404 CVEs
CVE-2026-39432 CVE-2025-64268 CVE-2025-15473 +1 more
v1.0.394 CVEs
CVE-2026-39432 CVE-2025-64268 CVE-2025-15473 +1 more
v1.0.384 CVEs
CVE-2026-39432 CVE-2025-64268 CVE-2025-15473 +1 more
v1.0.374 CVEs
CVE-2026-39432 CVE-2025-64268 CVE-2025-15473 +1 more
v1.0.365 CVEs
CVE-2026-39432 CVE-2025-64268 CVE-2025-15473 +2 more
v1.0.355 CVEs
CVE-2026-39432 CVE-2025-64268 CVE-2025-15473 +2 more
v1.0.345 CVEs
CVE-2026-39432 CVE-2025-64268 CVE-2025-15473 +2 more
Code Analysis
Analyzed Mar 16, 2026

Timetics – Appointment Booking & Scheduling Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
4 prepared
Unescaped Output
92
533 escaped
Nonce Checks
9
Capability Checks
55
File Operations
3
External Requests
12
Bundled Libraries
0

SQL Query Safety

100% prepared4 total queries

Output Escaping

85% escaped625 total outputs
Data Flows · Security
All sanitized

Data Flow Analysis

1 flows
<auth> (core\integrations\auth.php:0)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
3 unprotected

Timetics – Appointment Booking & Scheduling Attack Surface

Entry Points7
Unprotected3

AJAX Handlers 3

authwp_ajax_dismiss_woocommerce_noticecore\admin\hooks.php:26
authwp_ajax_timetics_staff_onboard_skipcore\staffs\hooks.php:36
authwp_ajax_wpmet-noticesutils\notice\notice.php:367

Shortcodes 4

[timetics-booking-form] core\frontend\shortcode.php:28
[timetics-meeting-list] core\frontend\shortcode.php:31
[timetics-user-dashboard] core\frontend\shortcode.php:34
[timetics-category] core\frontend\shortcode.php:37
WordPress Hooks 77
actionrest_api_initbase\api.php:28
actioninitbase\custom-endpoint.php:22
actioninitbase\taxonomy.php:55
actionadmin_enqueue_scriptsbootstrap.php:231
actionadmin_footerbootstrap.php:232
actionwp_enqueue_scriptsbootstrap.php:236
actionadmin_noticescore\admin\hooks.php:23
filterplugin_action_linkscore\admin\hooks.php:28
actionadmin_initcore\admin\hooks.php:30
actionwp_initialize_sitecore\admin\hooks.php:33
actionset_user_rolecore\admin\hooks.php:35
filtertimetics_menucore\admin\hooks.php:37
filtertimetics_settingscore\admin\hooks.php:39
filtertimetics_get_settingscore\admin\hooks.php:41
actionadmin_menucore\admin\menu.php:28
actiontimetics_menucore\admin\menu.php:30
filtertemplate_includecore\appointments\hooks.php:23
actioninitcore\appointments\hooks.php:24
actioninitcore\appointments\hooks.php:25
actiontimetics_after_booking_createcore\bookings\hooks.php:29
actioninitcore\bookings\hooks.php:30
actiontimetics_booking_clear_schedulecore\bookings\hooks.php:31
actiontimetics_after_booking_createcore\bookings\hooks.php:33
actioninitcore\bookings\hooks.php:35
actionwoocommerce_before_calculate_totalscore\bookings\hooks.php:37
filterwoocommerce_add_cart_item_datacore\bookings\hooks.php:39
actionadmin_initcore\bookings\hooks.php:41
actiontimetics-email-headercore\emails\email.php:22
actiontimetics-email-footercore\emails\email.php:23
actiontimetics-email-bodycore\emails\email.php:24
actionwp_headcore\enqueue-inline\enqueue-inline.php:30
actioninitcore\frontend\shortcode.php:40
actiontemplate_redirectcore\integrations\auth.php:29
actiontimetics_after_booking_schedulecore\integrations\google\service\google-calendar-sync.php:67
filtertimetics/admin/booking/get_itemscore\integrations\google\service\google-calendar-sync.php:68
filtertimetics_schedule_data_for_selected_datecore\integrations\google\service\google-calendar-sync.php:69
actionwoocommerce_initcore\integrations\woocommerce\hooks.php:35
actionwoocommerce_thankyoucore\integrations\woocommerce\hooks.php:37
actionwoocommerce_order_status_changedcore\integrations\woocommerce\hooks.php:40
filtertimetics_get_settingscore\integrations\woocommerce\hooks.php:42
filterwoocommerce_product_querycore\integrations\woocommerce\hooks.php:44
actionwoocommerce_coupon_options_usage_restrictioncore\integrations\woocommerce\hooks.php:46
actionwoocommerce_coupon_options_usage_restrictioncore\integrations\woocommerce\hooks.php:47
actiontimetics_meeting_after_insertcore\integrations\woocommerce\hooks.php:49
actionbefore_delete_postcore\integrations\woocommerce\hooks.php:50
actionwoocommerce_coupon_options_savecore\integrations\woocommerce\hooks.php:52
filterwoocommerce_coupon_get_productscore\integrations\woocommerce\hooks.php:54
filtertimetics_settingscore\integrations\woocommerce\hooks.php:56
filterwoocommerce_checkout_fieldscore\integrations\woocommerce\hooks.php:58
filterwoocommerce_checkout_posted_datacore\integrations\woocommerce\hooks.php:60
actiontimetics_after_booking_createcore\integrations\woocommerce\hooks.php:62
filtertimetics_currencycore\integrations\woocommerce\hooks.php:64
actionadmin_initcore\integrations\woocommerce\hooks.php:66
actionwp_headcore\integrations\woocommerce\hooks.php:68
actionwoocommerce_review_order_before_paymentcore\integrations\woocommerce\hooks.php:71
actiontransition_post_statuscore\integrations\woocommerce\hooks.php:74
actioninitcore\services\hooks.php:33
filterretrieve_password_notification_emailcore\staffs\hooks.php:23
filterretrieve_password_titlecore\staffs\hooks.php:24
actionafter_password_resetcore\staffs\hooks.php:26
filteruser_row_actionscore\staffs\hooks.php:28
actionadmin_initcore\staffs\hooks.php:30
actioninitcore\staffs\hooks.php:32
filterlogin_redirectcore\staffs\hooks.php:34
actionadmin_menucore\staffs\onboard.php:25
actionadmin_initcore\staffs\onboard.php:26
actioninittimetics.php:107
actionplugins_loadedtimetics.php:158
filterrest_request_before_callbackstimetics.php:237
filterrest_request_before_callbackstimetics.php:258
actionadmin_headtimetics.php:329
actionadmin_headutils\banner\banner.php:34
actionadmin_noticesutils\notice\notice.php:277
actionadmin_headutils\notice\notice.php:368
filterplugin_row_metautils\pro-awareness\pro-awareness.php:451
actionadmin_enqueue_scriptsutils\pro-awareness\pro-awareness.php:460
actionadmin_menuutils\pro-awareness\pro-awareness.php:464

Scheduled Events 1

timetics_booking_clear_schedule
Maintenance & Trust

Timetics – Appointment Booking & Scheduling Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedMar 27, 2026
PHP min version7.3
Downloads68K

Community Trust

Rating92/100
Number of ratings35
Active installs2K
Alternatives

Timetics – Appointment Booking & Scheduling Alternatives

Easy Appointment Booking & Scheduling System – Webba Booking Calendar

Easy Appointment Booking & Scheduling System – Webba Booking Calendar

webba-booking-lite

A
95

Free Appointment Booking Plugin 📅 Unlimited appointments, booking management, calendar sync, notifications, 5* support = powerful booking system!

3K 7 CVEs
Easy Booked – Appointment Booking and Scheduling Management System for WordPress

Easy Booked – Appointment Booking and Scheduling Management System for WordPress

easy-booked

A
91

A comprehensive appointment booking calendar and scheduling management system for WordPress.

100 1 CVE
Online Scheduling and Appointment Booking System – Bookly

Online Scheduling and Appointment Booking System – Bookly

bookly-responsive-appointment-booking-tool

A
88

Appointment booking system for WordPress — schedule appointments, manage calendars, send reminders, take payments. Start booking today!

70K 10 CVEs
Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin

Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin

simply-schedule-appointments

A
88

Unlimited appointments, booking calendars, and notifications. Powerful appointment booking plugin and booking system. Start scheduling for free today!

60K 27 CVEs
Booking calendar, Appointment Booking System

Booking calendar, Appointment Booking System

booking-calendar

C
50

Booking calendar plugin is an awesome tool for creating appointment booking calendars and Scheduling systems in a few minutes.

4K 1 unpatched
Developer Profile

Timetics – Appointment Booking & Scheduling Developer Profile

Arraytics

10 plugins · 20K total installs

91
trust score
Avg Security Score
95/100
Avg Patch Time
27 days
View full developer profile
Detection Fingerprints

How We Detect Timetics – Appointment Booking & Scheduling

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/timetics/assets/css/backend.css/wp-content/plugins/timetics/assets/css/frontend.css/wp-content/plugins/timetics/assets/js/backend.js/wp-content/plugins/timetics/assets/js/frontend.js
Version Parameters
timetics/assets/css/backend.css?ver=timetics/assets/css/frontend.css?ver=timetics/assets/js/backend.js?ver=timetics/assets/js/frontend.js?ver=

HTML / DOM Fingerprints

CSS Classes
timetics-booking-calendartimetics-appointments-wrap
HTML Comments
Timetics Essential is distributed in the hope that it will be usefulTimetics is free software: you can redistribute it and/or modify
Data Attributes
data-timetics-bookingdata-timetics-appointment-id
JS Globals
timeticsApptimetics
REST Endpoints
/timetics/v1/feedback
Shortcode Output
[timetics_booking_form][timetics_calendar]
FAQ

Frequently Asked Questions about Timetics – Appointment Booking & Scheduling