cleantalk
Vulnerabilities and Security Researches

Vulnerabilities and security researches fortime-sheets time-sheets

Direction: descending
Dec 10, 2025

Time Sheets # CVE-2025-10055

CVE, Research URL

CVE-2025-10055

Home page URL

Security reports for Time Sheets

Application

Time Sheets

Date
Dec 05, 2025
Research Description
The Time Sheets plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1.3. This is due to missing or incorrect nonce validation on several endpoints. This makes it possible for unauthenticated attackers to perform a variety of actions via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Affected versions
max 2.1.3.
Status
vulnerable
Aug 16, 2025

Time Sheets # CVE-2025-49054

CVE, Research URL

CVE-2025-49054

Home page URL

Security reports for Time Sheets

Application

Time Sheets

Date
Aug 14, 2025
Research Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mrdenny Time Sheets allows Reflected XSS. This issue affects Time Sheets: from n/a through 2.1.3.
Affected versions
max 2.1.3.
Status
vulnerable
Jun 07, 2024

Time Sheets # CVE-2017-18581

CVE, Research URL

CVE-2017-18581

Home page URL

Security reports for Time Sheets

Application

Time Sheets

Date
Aug 22, 2019
Research Description
The time-sheets plugin before 1.5.0 for WordPress has XSS via the old timesheet list.
Affected versions
max 1.5.2.
Status
vulnerable

Time Sheets # CVE-2017-18582

CVE, Research URL

CVE-2017-18582

Home page URL

Security reports for Time Sheets

Application

Time Sheets

Date
Aug 22, 2019
Research Description
The time-sheets plugin before 1.5.2 for WordPress has multiple XSS issues.
Affected versions
max 1.5.0.
Status
vulnerable

Time Sheets # CVE-2023-0893

CVE, Research URL

CVE-2023-0893

Home page URL

Security reports for Time Sheets

Application

Time Sheets

Date
Apr 10, 2023
Research Description
The Time Sheets WordPress plugin before 1.29.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
Affected versions
max 1.29.3.
Status
vulnerable