Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1336 CNY

100%

Arraytics — Vulnerabilities & Security Advisories 47

Browse all 47 CVE security advisories affecting Arraytics. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Arraytics operates as a specialized provider of advanced threat detection and response solutions, primarily targeting industrial control systems and critical infrastructure environments. With thirty-eight Common Vulnerabilities and Exposures (CVEs) currently on record, the platform has historically exhibited significant security weaknesses, particularly in the areas of remote code execution and cross-site scripting. These flaws often stem from insufficient input validation and improper access controls, allowing attackers to escalate privileges or execute arbitrary commands within the managed network. While specific major public breaches remain limited in detailed reporting, the high volume of disclosed vulnerabilities indicates systemic issues in the software development lifecycle. The presence of these defects poses substantial risks to operational technology environments, where successful exploitation could lead to severe disruptions in industrial processes. Continuous patching and rigorous security audits are essential to mitigate these persistent exposure points.

CVE IDTitleCVSSSeverityPublished
CVE-2026-13039 Eventin 4.0.26 - 4.1.15 - Missing Authorization to Unauthenticated Payment Bypass via REST API — Eventin – Event Calendar, Event Registration, Tickets & Booking (AI Powered)CWE-862 5.3 Medium2026-07-10
CVE-2026-12924 Eventin <= 4.1.15 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'etn_faq_content' Parameter — Eventin – Event Calendar, Event Registration, Tickets & Booking (AI Powered)CWE-79 6.4 Medium2026-07-10
CVE-2026-11818 WPCafe <= 3.0.14 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Modification via REST API — WPCafe – Restaurant Menu, Online Food Ordering & Table Booking SystemCWE-862 5.4 Medium2026-07-10
CVE-2026-57674 WordPress Timetics plugin <= 1.0.58 - Cross Site Scripting (XSS) vulnerability — TimeticsCWE-79 7.1 High2026-07-02
CVE-2026-57621 WordPress Booktics plugin <= 1.0.21 - PHP Object Injection vulnerability — BookticsCWE-502 9.8 Critical2026-07-02
CVE-2026-57622 WordPress WPCafe plugin <= 3.0.14 - Broken Access Control vulnerability — WPCafeCWE-862 4.3 Medium2026-06-26
CVE-2025-68045 WordPress WP Event SOlution plugin <= 4.1.12 - Broken Access Control vulnerability — WP Event SOlutionCWE-862 7.5 High2026-06-16
CVE-2026-40776 WordPress Eventin plugin <= 4.1.8 - Broken Access Control vulnerability — WP Event SOlutionCWE-862 7.5 High2026-06-15
CVE-2026-39432 WordPress Timetics plugin <= 1.0.53 - Broken Access Control vulnerability — TimeticsCWE-862 8.2 High2026-05-12
CVE-2026-4109 Eventin – Events Calendar, Event Booking, Ticket & Registration (AI Powered) <= 4.1.8 Missing Authorization to Authenticated (Subscriber+) Order Information Exposure — Eventin – Event Calendar, Event Registration, Tickets & Booking (AI Powered)CWE-862 4.3 Medium2026-04-14
CVE-2026-39585 WordPress Booktics plugin <= 1.0.16 - Broken Access Control vulnerability — BookticsCWE-862 5.3 Medium2026-04-08
CVE-2026-27071 WordPress WPCafe plugin <= 3.0.7 - Broken Access Control vulnerability — WPCafeCWE-862 9.1 Critical2026-03-25
CVE-2026-1919 Booktics <= 1.0.16 - Missing Authorization to Get Items via REST API endpoints — Booktics – Booking Calendar for Appointments and Service BusinessesCWE-306 5.3 Medium2026-03-10
CVE-2026-1920 Booktics <= 1.0.16 - Missing Authorization to Addon Plugin Installation — Booktics – Booking Calendar for Appointments and Service BusinessesCWE-306 5.3 Medium2026-03-10
CVE-2025-68047 WordPress Eventin plugin <= 4.1.3 - PHP Object Injection vulnerability — EventinCWE-502 8.8 High2026-01-22
CVE-2025-14657 Eventin – Event Manager, Event Booking, Calendar, Tickets and Registration Plugin (AI Powered) <= 4.0.51 - Missing Authorization to Unauthenticated Stored Cross-Site Scripting via 'post_settings' — Eventin – Event Calendar, Event Registration, Tickets & Booking (AI Powered)CWE-862 7.2 High2026-01-09
CVE-2025-67915 WordPress Timetics plugin <= 1.0.46 - Broken Authentication vulnerability — TimeticsCWE-288 8.8 High2026-01-08
CVE-2025-5919 Appointment Booking and Scheduling Calendar Plugin – WP Timetics <= 1.0.36 - Missing Authorization to Unauthenticated Booking Details View And Modification — Timetics – Appointment Booking & SchedulingCWE-862 6.5 Medium2026-01-06
CVE-2025-64268 WordPress Timetics plugin <= 1.0.44 - Broken Access Control vulnerability — TimeticsCWE-862 7.5 High2025-12-18
CVE-2025-7813 Event Manager, Events Calendar, Booking, Registrations and Tickets – Eventin <= 4.0.37 - Unauthenticated Server-Side Request Forgery — Eventin – Event Calendar, Event Registration, Tickets & Booking (AI Powered)CWE-918 7.2 High2025-08-23
CVE-2025-49869 WordPress Eventin Plugin <= 4.0.31 - PHP Object Injection Vulnerability — EventinCWE-502 8.8 High2025-08-14
CVE-2025-4796 Eventin <= 4.0.34 - Authenticated (Contributor+) Privilege Escalation via User Email Change/Account Takeover — Eventin – Event Calendar, Event Registration, Tickets & Booking (AI Powered)CWE-639 8.8 High2025-08-08
CVE-2025-49321 WordPress Eventin plugin <= 4.0.28 - Cross Site Scripting (XSS) Vulnerability — EventinCWE-79 7.1 High2025-06-27
CVE-2025-47539 WordPress Eventin plugin <= 4.0.26 - Privilege Escalation Vulnerability — EventinCWE-266 9.8 Critical2025-05-23
CVE-2025-47445 WordPress Eventin plugin <= 4.0.26 - Arbitrary File Download Vulnerability — EventinCWE-23 7.5 High2025-05-14
CVE-2025-3419 Event Manager, Events Calendar, Tickets, Registrations – Eventin <= 4.0.26 - Unauthenticated Arbitrary File Read — Eventin – Event Calendar, Event Registration, Tickets & Booking (AI Powered)CWE-73 7.5 High2025-05-08
CVE-2025-39452 WordPress WPCafe plugin <= 2.2.32 - Local File Inclusion vulnerability — WPCafeCWE-98 7.5 High2025-04-17
CVE-2025-39584 WordPress Eventin plugin <= 4.0.25 - Local File Inclusion Vulnerability — EventinCWE-98 7.5 High2025-04-16
CVE-2025-30829 WordPress WPCafe plugin <= 2.2.31 - Local File Inclusion vulnerability — WPCafeCWE-98 7.5 High2025-03-27
CVE-2025-30828 WordPress Timetics plugin <= 1.0.29 - Broken Access Control vulnerability — TimeticsCWE-862 5.3 Medium2025-03-27

This page lists every published CVE security advisory associated with Arraytics. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.