Timetics – Appointment Booking Calendar & Scheduling System Security & Risk Analysis

wordpress.org/plugins/timetics

Appointment booking system for Professionals — schedule, manage calendars, accept payments, send reminders & automate bookings easily.

2K active installs · v1.0.53 · PHP 7.3+ · WP 5.2+ · Updated Feb 18, 2026
Tags: appointment-booking, appointment-calendar, appointments, booking-calendar, scheduling

Score: 86 (A · Safe)
CVEs total: 8
Unpatched: 0
Last CVE: Jan 5, 2026

Safety Verdict

Is Timetics – Appointment Booking Calendar & Scheduling System Safe to Use in 2026?

Generally Safe

Score 86/100

Timetics – Appointment Booking Calendar & Scheduling System has a strong security track record. Known vulnerabilities have been patched promptly.

8 known CVEs · Last CVE: Jan 5, 2026 · Updated 1mo ago

Risk Assessment

The "timetics" plugin v1.0.53 exhibits a mixed security posture. While it demonstrates good practices like using prepared statements for all SQL queries and a high percentage of output escaping (85%), significant concerns arise from its attack surface. Specifically, 3 out of 7 identified entry points are AJAX handlers lacking authentication checks, presenting a direct avenue for potential unauthorized actions. The taint analysis shows no critical or high-severity issues, which is a positive sign regarding immediate code execution risks. However, the plugin's vulnerability history is a major red flag. With 8 known CVEs, including one critical and one high-severity vulnerability, and a recent vulnerability reported in 2026, it suggests a recurring pattern of authorization-related weaknesses that may not be fully mitigated. The fact that none of the historical vulnerabilities are currently unpatched is a small positive, but the sheer number and nature of past issues warrant caution.

In conclusion, while the code quality regarding SQL and output escaping is commendable, the lack of authorization checks on a portion of its AJAX handlers and its history of critical and high-severity authorization bypass vulnerabilities point to a significant ongoing risk. Although there are currently no unpatched vulnerabilities, users should be aware that the plugin has a history of exploitable authorization flaws that could resurface or remain undetected.

Key Concerns

  • 3 unprotected AJAX handlers
  • 8 known CVEs (1 critical, 1 high)
  • Authorization bypass vulnerability history
Vulnerabilities
8

Timetics – Appointment Booking Calendar & Scheduling System Security Vulnerabilities

CVEs by Year

  • 2024: 4 CVEs
  • 2025: 2 CVEs
  • 2026: 2 CVEs

Severity Breakdown

  • Critical: 1
  • High: 1
  • Medium: 6

8 total CVEs

CVE-2025-5919 · medium · 6.5 · Missing Authorization

Appointment Booking and Scheduling Calendar Plugin – WP Timetics <= 1.0.36 - Missing Authorization to Unauthenticated Booking Details View And Modification

Jan 5, 2026 · Patched in 1.0.37 (1d)

CVE-2025-67915 · medium · 5.3 · Incorrect Authorization

Timetics <= 1.0.46 - Incorrect Authorization to Authenticated (Timetics Customer+) User Creation

Jan 5, 2026 · Patched in 1.0.48 (10d)

CVE-2025-64268 · medium · 5.3 · Missing Authorization

Timetics <= 1.0.44 - Missing Authorization

Nov 22, 2025 · Patched in 1.0.45 (29d)

CVE-2025-30828 · medium · 5.3 · Missing Authorization

Timetics <= 1.0.29 - Missing Authorization

Mar 27, 2025 · Patched in 1.0.30 (7d)

CVE-2024-11275 · medium · 4.3 · Authorization Bypass Through User-Controlled Key

WP Timetics- AI-powered Appointment Booking Calendar and Online Scheduling Plugin <= 1.0.27 - Missing Authorization to Authenticated (Subscriber+) Arbitrary User Deletion

Dec 12, 2024 · Patched in 1.0.28 (1d)

CVE-2024-9263 · critical · 9.8 · Authorization Bypass Through User-Controlled Key

WP Timetics- AI-powered Appointment Booking Calendar and Online Scheduling Plugin <= 1.0.25 - Insecure Direct Object Reference to Unauthenticated Arbitrary User Password/Email Reset/Account Takeover

Oct 16, 2024 · Patched in 1.0.26 (1d)

CVE-2024-43923 · medium · 5.3 · Authorization Bypass Through User-Controlled Key

Timetics <= 1.0.23 - Authorization Bypass

Aug 26, 2024 · Patched in 1.0.24 (10d)

CVE-2024-1094 · high · 7.3 · Missing Authorization

Timetics- AI-powered Appointment Booking with Visual Seat Plan and ultimate Calendar Scheduling Plugin <= 1.0.21 - Missing Authorization to Limited Privilege Escalation

Jun 13, 2024 · Patched in 1.0.22 (20d)

Code Analysis
Analyzed Mar 16, 2026

Timetics – Appointment Booking Calendar & Scheduling System Code Analysis

  • Dangerous Functions: 0
  • Raw SQL Queries: 0 (4 prepared)
  • Unescaped Output: 92 (533 escaped)
  • Nonce Checks: 9
  • Capability Checks: 55
  • File Operations: 3
  • External Requests: 12
  • Bundled Libraries: 0

SQL Query Safety

100% prepared · 4 total queries

Output Escaping

85% escaped · 625 total outputs

Data Flows: All sanitized

Data Flow Analysis

1 flow
<auth> (core\integrations\auth.php:0)
Attack Surface
3 unprotected

Timetics – Appointment Booking Calendar & Scheduling System Attack Surface

Entry Points: 7
Unprotected: 3

AJAX Handlers 3

auth wp_ajax_dismiss_woocommerce_notice core\admin\hooks.php:26
auth wp_ajax_timetics_staff_onboard_skip core\staffs\hooks.php:36
auth wp_ajax_wpmet-notices utils\notice\notice.php:367

Shortcodes 4

[timetics-booking-form] core\frontend\shortcode.php:28
[timetics-meeting-list] core\frontend\shortcode.php:31
[timetics-user-dashboard] core\frontend\shortcode.php:34
[timetics-category] core\frontend\shortcode.php:37

WordPress Hooks 77

action rest_api_init base\api.php:28
action init base\custom-endpoint.php:22
action init base\taxonomy.php:55
action admin_enqueue_scripts bootstrap.php:231
action admin_footer bootstrap.php:232
action wp_enqueue_scripts bootstrap.php:236
action admin_notices core\admin\hooks.php:23
filter plugin_action_links core\admin\hooks.php:28
action admin_init core\admin\hooks.php:30
action wp_initialize_site core\admin\hooks.php:33
action set_user_role core\admin\hooks.php:35
filter timetics_menu core\admin\hooks.php:37
filter timetics_settings core\admin\hooks.php:39
filter timetics_get_settings core\admin\hooks.php:41
action admin_menu core\admin\menu.php:28
action timetics_menu core\admin\menu.php:30
filter template_include core\appointments\hooks.php:23
action init core\appointments\hooks.php:24
action init core\appointments\hooks.php:25
action timetics_after_booking_create core\bookings\hooks.php:29
action init core\bookings\hooks.php:30
action timetics_booking_clear_schedule core\bookings\hooks.php:31
action timetics_after_booking_create core\bookings\hooks.php:33
action init core\bookings\hooks.php:35
action woocommerce_before_calculate_totals core\bookings\hooks.php:37
filter woocommerce_add_cart_item_data core\bookings\hooks.php:39
action admin_init core\bookings\hooks.php:41
action timetics-email-header core\emails\email.php:22
action timetics-email-footer core\emails\email.php:23
action timetics-email-body core\emails\email.php:24
action wp_head core\enqueue-inline\enqueue-inline.php:30
action init core\frontend\shortcode.php:40
action template_redirect core\integrations\auth.php:29
action timetics_after_booking_schedule core\integrations\google\service\google-calendar-sync.php:67
filter timetics/admin/booking/get_items core\integrations\google\service\google-calendar-sync.php:68
filter timetics_schedule_data_for_selected_date core\integrations\google\service\google-calendar-sync.php:69
action woocommerce_init core\integrations\woocommerce\hooks.php:35
action woocommerce_thankyou core\integrations\woocommerce\hooks.php:37
action woocommerce_order_status_changed core\integrations\woocommerce\hooks.php:40
filter timetics_get_settings core\integrations\woocommerce\hooks.php:42
filter woocommerce_product_query core\integrations\woocommerce\hooks.php:44
action woocommerce_coupon_options_usage_restriction core\integrations\woocommerce\hooks.php:46
action woocommerce_coupon_options_usage_restriction core\integrations\woocommerce\hooks.php:47
action timetics_meeting_after_insert core\integrations\woocommerce\hooks.php:49
action before_delete_post core\integrations\woocommerce\hooks.php:50
action woocommerce_coupon_options_save core\integrations\woocommerce\hooks.php:52
filter woocommerce_coupon_get_products core\integrations\woocommerce\hooks.php:54
filter timetics_settings core\integrations\woocommerce\hooks.php:56
filter woocommerce_checkout_fields core\integrations\woocommerce\hooks.php:58
filter woocommerce_checkout_posted_data core\integrations\woocommerce\hooks.php:60
action timetics_after_booking_create core\integrations\woocommerce\hooks.php:62
filter timetics_currency core\integrations\woocommerce\hooks.php:64
action admin_init core\integrations\woocommerce\hooks.php:66
action wp_head core\integrations\woocommerce\hooks.php:68
action woocommerce_review_order_before_payment core\integrations\woocommerce\hooks.php:71
action transition_post_status core\integrations\woocommerce\hooks.php:74
action init core\services\hooks.php:33
filter retrieve_password_notification_email core\staffs\hooks.php:23
filter retrieve_password_title core\staffs\hooks.php:24
action after_password_reset core\staffs\hooks.php:26
filter user_row_actions core\staffs\hooks.php:28
action admin_init core\staffs\hooks.php:30
action init core\staffs\hooks.php:32
filter login_redirect core\staffs\hooks.php:34
action admin_menu core\staffs\onboard.php:25
action admin_init core\staffs\onboard.php:26
action init timetics.php:107
action plugins_loaded timetics.php:158
filter rest_request_before_callbacks timetics.php:237
filter rest_request_before_callbacks timetics.php:258
action admin_head timetics.php:329
action admin_head utils\banner\banner.php:34
action admin_notices utils\notice\notice.php:277
action admin_head utils\notice\notice.php:368
filter plugin_row_meta utils\pro-awareness\pro-awareness.php:451
action admin_enqueue_scripts utils\pro-awareness\pro-awareness.php:460
action admin_menu utils\pro-awareness\pro-awareness.php:464

Scheduled Events 1

timetics_booking_clear_schedule
Maintenance & Trust

Timetics – Appointment Booking Calendar & Scheduling System Maintenance & Trust

Maintenance Signals

  • WordPress version tested: 6.9.4
  • Last updated: Feb 18, 2026
  • PHP min version: 7.3
  • Downloads: 66K

Community Trust

  • Rating: 92/100
  • Number of ratings: 35
  • Active installs: 2K

Developer Profile

Timetics – Appointment Booking Calendar & Scheduling System Developer Profile

Arraytics

8 plugins · 20K total installs

  • Trust score: 91
  • Avg Security Score: 95/100
  • Avg Patch Time: 28 days

Detection Fingerprints

How We Detect Timetics – Appointment Booking Calendar & Scheduling System

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/timetics/assets/css/backend.css
  • /wp-content/plugins/timetics/assets/css/frontend.css
  • /wp-content/plugins/timetics/assets/js/backend.js
  • /wp-content/plugins/timetics/assets/js/frontend.js

Version Parameters
  • timetics/assets/css/backend.css?ver=
  • timetics/assets/css/frontend.css?ver=
  • timetics/assets/js/backend.js?ver=
  • timetics/assets/js/frontend.js?ver=

HTML / DOM Fingerprints

CSS Classes
  • timetics-booking-calendar
  • timetics-appointments-wrap

HTML Comments
  • Timetics Essential is distributed in the hope that it will be useful
  • Timetics is free software: you can redistribute it and/or modify

Data Attributes
  • data-timetics-booking
  • data-timetics-appointment-id

JS Globals
  • timeticsApp
  • timetics

REST Endpoints
  • /timetics/v1/feedback

Shortcode Output
  • [timetics_booking_form]
  • [timetics_calendar]