- Description
- The Time Clock plugin and Time Clock Pro plugin for WordPress are vulnerable to Remote Code Execution in versions up to, and including, 1.2.2 (for Time Clock) and 1.1.4 (for Time Clock Pro) via the 'etimeclockwp_load_function_callback' function. This allows unauthenticated attackers to execute code on the server. The invoked function's parameters cannot be specified.
- Source
- security@wordfence.com
- NVD status
- Analyzed
CVSS 3.1
- Type
- Primary
- Base score
- 8.3
- Impact score
- 3.7
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
- Severity
- HIGH
- security@wordfence.com
- CWE-94
- Hype score
- Not currently trending
#CVE-2024-9593-#Exploit إثبات مفهوم للثغره CVE-2024-9593 في #wordpress https://t.co/zfOVpKPm53 تستطيع تغيير phpinfo إلى اي كود RCE ,ويتم تنفيذه بسهوله. *إستخدم السكربت في #بيئة خاصه بك #النفسيه_محتاجه__قهووة #ولا_شي
@Nxploited
7 Feb 2025
79 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Day 4 & 5 : RCE - CVE-2024-9593 Link : https://t.co/yKdwHYMNP2 https://t.co/PTUsud1iYk
@h4x0r_fr34k
20 Jan 2025
10357 Impressions
30 Retweets
210 Likes
121 Bookmarks
0 Replies
0 Quotes
CVE-2024-9593: The Time Clock plugin and Time Clock Pro plugin for WordPress are vulnerable to Remote Code Execution. https://t.co/W1U68AXa21 https://t.co/Jc9KI0zZel
@cyber_advising
2 Jan 2025
1214 Impressions
3 Retweets
15 Likes
4 Bookmarks
0 Replies
0 Quotes
🚨 New PoC Alert: Time Clock/Time Clock Pro WordPress Plugin Code Execution Vulnerability 🚨 📛 CVE-2024-9593 🔴 CVSS: 8.3 📈 Impact: Remote Code Execution 📔Version: <= 1.2.2 (for Time Clock) and <= 1.1.4 (for Time Clock Pro) 🦠 CWE-94 - Improper Control of Generation of C
@gothburz
1 Jan 2025
88 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
#CVE-2024-9593 This vulnerability is simple and crude, but the damage is definitely not high-risk. You can only control the function name, not the parameters, and the use is very limited. #ZoomEye mapping has 67 results. #BugBounty #bugbountytips #tipoftheday #CyberSecurity https
@_r00tuser
30 Oct 2024
178 Impressions
1 Retweet
2 Likes
2 Bookmarks
1 Reply
0 Quotes
[CVE-2024-9593: HIGH] ⚠️ WordPress Time Clock & Time Clock Pro plugins versions up to 1.2.2 & 1.1.4 respectively are vulnerable to Remote Code Execution, letting unauthenticated attackers run code on the server.#cybersecurity,#vulnerability https://t.co/kSTADdW0pN https:/
@CveFindCom
40 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-9593 CVE-2024-9593 Time Clock <= 1.2.2 & Time Clock Pro <= 1.1.4 - Unauthenticated (Limited) Remote Code Execution Description: The Time Clock plugin and Time Clock Pro plugin for WordPress are vulnerable... https://t.co/i4usSRb14n
@VulmonFeeds
65 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-9593 The Time Clock plugin and Time Clock Pro plugin for WordPress are vulnerable to Remote Code Execution in versions up to, and including, 1.2.2 (for Time Clock) and 1.1.4… https://t.co/X9pdJGXoUD
@CVEnew
491 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:wpplugin:time_clock:*:*:*:*:pro:wordpress:*:*",
"vulnerable": true,
"matchCriteriaId": "B057E167-BA8B-4556-924E-9F1641ABB35F",
"versionEndIncluding": "1.1.4"
},
{
"criteria": "cpe:2.3:a:wpplugin:time_clock:*:*:*:*:-:wordpress:*:*",
"vulnerable": true,
"matchCriteriaId": "C1CE6396-E04F-47F3-B8D0-E1A0CB2DEEB8",
"versionEndIncluding": "1.2.2"
}
],
"operator": "OR"
}
]
}
]