cleantalk
Vulnerabilities and Security Researches

Time Clock – A WordPress Employee & Volunteer Time Clock Plugin, CVE-2025-10701

CVE, Research URL

CVE-2025-10701

Home page URL

Security reports for Time Clock – A WordPress Employee & Volunteer Time Clock Plugin

Application

Time Clock – A WordPress Employee & Volunteer Time Clock Plugin

Published on
Oct 24, 2025
Research Description
The Time Clock – A WordPress Employee & Volunteer Time Clock Plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'data' parameter in all versions up to, and including, 1.3.1. This is due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with Time Clock user credentials to inject arbitrary web scripts in pages that will execute whenever a user accesses an affected page.
Affected versions
max 1.3.2.
Status
vulnerable
Previous vulnerability researches
Zephyr Project Manager (CVE-2025-39552) , Apr 18, 2025
Zephyr Project Manager (CVE-2025-54714) , Sep 01, 2025
Zephyr Project Manager (CVE-2024-43322) , Aug 20, 2024
Zephyr Project Manager (CVE-2024-6536) , Aug 01, 2024
Zephyr Project Manager (CVE-2024-43915) , Aug 24, 2024
New vulnerability
LLM Hubspot Blog Import (CVE-2025-11257) , Nov 11, 2025
AI ChatBot (CVE-2025-62952) , Nov 11, 2025
Pie Calendar (CVE-2025-62024) , Nov 11, 2025
Demo Import Kit (CVE-2025-10051) , Nov 11, 2025
Slider Templates (CVE-2025-62988) , Nov 11, 2025