Vulnerabilities and security researches fortime-clock time-clock

Oct 20, 2024

CVE, Research URL: CVE-2024-9593
Home page URL: Security reports for Time Clock – A WordPress Employee & Volunteer Time Clock Plugin
Application: Time Clock – A WordPress Employee & Volunteer Time Clock Plugin
Date: Oct 18, 2024
Research Description: The Time Clock plugin and Time Clock Pro plugin for WordPress are vulnerable to Remote Code Execution in versions up to, and including, 1.2.2 (for Time Clock) and 1.1.4 (for Time Clock Pro) via the 'etimeclockwp_load_function_callback' function. This allows unauthenticated attackers to execute code on the server. The invoked function's parameters cannot be specified.
Affected versions: Min -, max -.
Status: vulnerable

May 09, 2025

CVE, Research URL: CVE-2025-47516
Home page URL: Security reports for Time Clock – A WordPress Employee & Volunteer Time Clock Plugin
Application: Time Clock – A WordPress Employee & Volunteer Time Clock Plugin
Date: May 07, 2025
Research Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Scott Paterson Time Clock allows Stored XSS. This issue affects Time Clock: from n/a through 1.2.3.
Affected versions: Min -, max -.
Status: vulnerable