cleantalk
Vulnerabilities and Security Researches

Time Clock – A WordPress Employee & Volunteer Time Clock Plugin, CVE-2024-9593

CVE, Research URL

CVE-2024-9593

Home page URL

Security reports for Time Clock – A WordPress Employee & Volunteer Time Clock Plugin

Application

Time Clock – A WordPress Employee & Volunteer Time Clock Plugin

Published on
Oct 18, 2024
Research Description
The Time Clock plugin and Time Clock Pro plugin for WordPress are vulnerable to Remote Code Execution in versions up to, and including, 1.2.2 (for Time Clock) and 1.1.4 (for Time Clock Pro) via the 'etimeclockwp_load_function_callback' function. This allows unauthenticated attackers to execute code on the server. The invoked function's parameters cannot be specified.
Affected versions
Min -, max 1.2.3.
Status
vulnerable
Previous vulnerability researches
Time Clock – A WordPress Employee & Volunteer Time Clock Plugin (CVE-2024-9593) , Oct 20, 2024
Time Clock – A WordPress Employee & Volunteer Time Clock Plugin (CVE-2025-47516) , May 09, 2025
All in One Time Clock Lite – Tracking Employee Time Has Never Been Easier (CVE-2022-44594) , Jun 07, 2024
All in One Time Clock Lite – Tracking Employee Time Has Never Been Easier (CVE-2025-46513) , Apr 26, 2025
New vulnerability
SMS Alert Order Notifications – WooCommerce (CVE-2025-3876) , May 11, 2025
SMS Alert Order Notifications – WooCommerce (CVE-2025-3878) , May 11, 2025
WordPress Review Plugin: The Ultimate Solution for Building a Review Website (CVE-2025-2158) , May 11, 2025
Drag and Drop Multiple File Upload for WooCommerce (CVE-2025-4403) , May 11, 2025
Contact Us By Lord Linus (CVE-2025-1382) , May 11, 2025