Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Arraytics — Vulnerabilities & Security Advisories 38

Browse all 38 CVE security advisories affecting Arraytics. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Arraytics operates as a specialized provider of advanced threat detection and response solutions, primarily targeting industrial control systems and critical infrastructure environments. With thirty-eight Common Vulnerabilities and Exposures (CVEs) currently on record, the platform has historically exhibited significant security weaknesses, particularly in the areas of remote code execution and cross-site scripting. These flaws often stem from insufficient input validation and improper access controls, allowing attackers to escalate privileges or execute arbitrary commands within the managed network. While specific major public breaches remain limited in detailed reporting, the high volume of disclosed vulnerabilities indicates systemic issues in the software development lifecycle. The presence of these defects poses substantial risks to operational technology environments, where successful exploitation could lead to severe disruptions in industrial processes. Continuous patching and rigorous security audits are essential to mitigate these persistent exposure points.

Top products by Arraytics: Eventin – Event Calendar, Event Registration, Tickets & Booking (AI Powered) Eventin Timetics Timetics – Appointment Booking & Scheduling WPCafe WPCafe – Restaurant Menu, Online Food Ordering & Table Booking System Booktics – Booking Calendar for Appointments and Service Businesses Booktics
CVE IDTitleCVSSSeverityPublished
CVE-2026-4109 Eventin – Events Calendar, Event Booking, Ticket & Registration (AI Powered) <= 4.1.8 Missing Authorization to Authenticated (Subscriber+) Order Information Exposure — Eventin – Event Calendar, Event Registration, Tickets & Booking (AI Powered)CWE-862 4.3 Medium2026-04-14
CVE-2026-39585 WordPress Booktics plugin <= 1.0.16 - Broken Access Control vulnerability — BookticsCWE-862 5.3 Medium2026-04-08
CVE-2026-27071 WordPress WPCafe plugin <= 3.0.7 - Broken Access Control vulnerability — WPCafeCWE-862 9.1 Critical2026-03-25
CVE-2026-1919 Booktics <= 1.0.16 - Missing Authorization to Get Items via REST API endpoints — Booktics – Booking Calendar for Appointments and Service BusinessesCWE-306 5.3 Medium2026-03-10
CVE-2026-1920 Booktics <= 1.0.16 - Missing Authorization to Addon Plugin Installation — Booktics – Booking Calendar for Appointments and Service BusinessesCWE-306 5.3 Medium2026-03-10
CVE-2025-68047 WordPress Eventin plugin <= 4.1.3 - PHP Object Injection vulnerability — EventinCWE-502 8.8 High2026-01-22
CVE-2025-14657 Eventin – Event Manager, Event Booking, Calendar, Tickets and Registration Plugin (AI Powered) <= 4.0.51 - Missing Authorization to Unauthenticated Stored Cross-Site Scripting via 'post_settings' — Eventin – Event Calendar, Event Registration, Tickets & Booking (AI Powered)CWE-862 7.2 High2026-01-09
CVE-2025-67915 WordPress Timetics plugin <= 1.0.46 - Broken Authentication vulnerability — TimeticsCWE-288 8.8 High2026-01-08
CVE-2025-5919 Appointment Booking and Scheduling Calendar Plugin – WP Timetics <= 1.0.36 - Missing Authorization to Unauthenticated Booking Details View And Modification — Timetics – Appointment Booking & SchedulingCWE-862 6.5 Medium2026-01-06
CVE-2025-64268 WordPress Timetics plugin <= 1.0.44 - Broken Access Control vulnerability — TimeticsCWE-862 7.5 High2025-12-18
CVE-2025-7813 Event Manager, Events Calendar, Booking, Registrations and Tickets – Eventin <= 4.0.37 - Unauthenticated Server-Side Request Forgery — Eventin – Event Calendar, Event Registration, Tickets & Booking (AI Powered)CWE-918 7.2 High2025-08-23
CVE-2025-49869 WordPress Eventin Plugin <= 4.0.31 - PHP Object Injection Vulnerability — EventinCWE-502 8.8 High2025-08-14
CVE-2025-4796 Eventin <= 4.0.34 - Authenticated (Contributor+) Privilege Escalation via User Email Change/Account Takeover — Eventin – Event Calendar, Event Registration, Tickets & Booking (AI Powered)CWE-639 8.8 High2025-08-08
CVE-2025-49321 WordPress Eventin plugin <= 4.0.28 - Cross Site Scripting (XSS) Vulnerability — EventinCWE-79 7.1 High2025-06-27
CVE-2025-47539 WordPress Eventin plugin <= 4.0.26 - Privilege Escalation Vulnerability — EventinCWE-266 9.8 Critical2025-05-23
CVE-2025-47445 WordPress Eventin plugin <= 4.0.26 - Arbitrary File Download Vulnerability — EventinCWE-23 7.5 High2025-05-14
CVE-2025-3419 Event Manager, Events Calendar, Tickets, Registrations – Eventin <= 4.0.26 - Unauthenticated Arbitrary File Read — Eventin – Event Calendar, Event Registration, Tickets & Booking (AI Powered)CWE-73 7.5 High2025-05-08
CVE-2025-39452 WordPress WPCafe plugin <= 2.2.32 - Local File Inclusion vulnerability — WPCafeCWE-98 7.5 High2025-04-17
CVE-2025-39584 WordPress Eventin plugin <= 4.0.25 - Local File Inclusion Vulnerability — EventinCWE-98 7.5 High2025-04-16
CVE-2025-30829 WordPress WPCafe plugin <= 2.2.31 - Local File Inclusion vulnerability — WPCafeCWE-98 7.5 High2025-03-27
CVE-2025-30828 WordPress Timetics plugin <= 1.0.29 - Broken Access Control vulnerability — TimeticsCWE-862 5.3 Medium2025-03-27
CVE-2025-1770 Event Manager, Events Calendar, Tickets, Registrations – Eventin <= 4.0.24 - Authenticated (Contributor+) Local File Inclusion — Eventin – Event Calendar, Event Registration, Tickets & Booking (AI Powered)CWE-22 8.8 High2025-03-20
CVE-2025-1766 Event Manager, Events Calendar, Tickets, Registrations – Eventin <= 4.0.24 - Missing Authorization to Unauthenticated Payment Status Update — Eventin – Event Calendar, Event Registration, Tickets & Booking (AI Powered)CWE-862 5.3 Medium2025-03-20
CVE-2025-26964 WordPress Eventin plugin <= 4.0.20 - Local File Inclusion vulnerability — EventinCWE-98 7.5 High2025-02-25
CVE-2024-56213 WordPress Eventin plugin <= 4.0.7 - Contributor+ Limited Local File Inclusion vulnerability — EventinCWE-35 6.5 Medium2024-12-31
CVE-2024-11275 WP Timetics- AI-powered Appointment Booking Calendar and Online Scheduling Plugin <= 1.0.27 - Missing Authorization to Authenticated (Subscriber+) Arbitrary User Deletion — Timetics – Appointment Booking & SchedulingCWE-639 4.3 Medium2024-12-13
CVE-2023-47805 WordPress WPCafe plugin <= 2.2.22 - Broken Access Control vulnerability — WPCafeCWE-862 5.3 Medium2024-12-09
CVE-2023-49756 WordPress Eventin plugin <= 3.3.52 - Authenticated Notice Dismissal Vulnerability — EventinCWE-862 5.4 Medium2024-12-09
CVE-2024-37427 WordPress Timetics plugin <= 1.0.21 - Broken Access Control vulnerability — TimeticsCWE-862 5.3 Medium2024-11-01
CVE-2024-43923 WordPress Timetics plugin <= 1.0.23 - Broken Access Control vulnerability — TimeticsCWE-862 5.3 Medium2024-11-01

This page lists every published CVE security advisory associated with Arraytics. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.