CVE-2024-9593

Published Oct 18, 2024

Last updated 3 months ago

Overview

Description
The Time Clock plugin and Time Clock Pro plugin for WordPress are vulnerable to Remote Code Execution in versions up to, and including, 1.2.2 (for Time Clock) and 1.1.4 (for Time Clock Pro) via the 'etimeclockwp_load_function_callback' function. This allows unauthenticated attackers to execute code on the server. The invoked function's parameters cannot be specified.

Source: security@wordfence.com
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 8.3
Impact score: 3.7
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
Severity: HIGH

Weaknesses

security@wordfence.com: CWE-94

Social media

Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.

Hype score: 4

  1. Day 4 & 5 : RCE - CVE-2024-9593 Link : https://t.co/yKdwHYMNP2 https://t.co/PTUsud1iYk

    @h4x0r_fr34k, 20 Jan 2025. 10357 Impressions, 30 Retweets, 210 Likes, 121 Bookmarks, 0 Replies, 0 Quotes

  2. CVE-2024-9593: The Time Clock plugin and Time Clock Pro plugin for WordPress are vulnerable to Remote Code Execution. https://t.co/W1U68AXa21 https://t.co/Jc9KI0zZel

    @cyber_advising, 2 Jan 2025. 1214 Impressions, 3 Retweets, 15 Likes, 4 Bookmarks, 0 Replies, 0 Quotes

  3. 🚨 New PoC Alert: Time Clock/Time Clock Pro WordPress Plugin Code Execution Vulnerability 🚨 📛 CVE-2024-9593 🔴 CVSS: 8.3 📈 Impact: Remote Code Execution 📔Version: <= 1.2.2 (for Time Clock) and <= 1.1.4 (for Time Clock Pro) 🦠 CWE-94 - Improper Control of Generation of C

    @gothburz, 1 Jan 2025. 88 Impressions, 0 Retweets, 1 Like, 0 Bookmarks, 0 Replies, 0 Quotes

  4. #CVE-2024-9593 This vulnerability is simple and crude, but the damage is definitely not high-risk. You can only control the function name, not the parameters, and the use is very limited. #ZoomEye mapping has 67 results. #BugBounty #bugbountytips #tipoftheday #CyberSecurity https

    @_r00tuser, 30 Oct 2024. 178 Impressions, 1 Retweet, 2 Likes, 2 Bookmarks, 1 Reply, 0 Quotes

  5. [CVE-2024-9593: HIGH] ⚠️ WordPress Time Clock & Time Clock Pro plugins versions up to 1.2.2 & 1.1.4 respectively are vulnerable to Remote Code Execution, letting unauthenticated attackers run code on the server.#cybersecurity,#vulnerability https://t.co/kSTADdW0pN https:/

    @CveFindCom. 40 Impressions, 0 Retweets, 0 Likes, 0 Bookmarks, 0 Replies, 0 Quotes

  6. CVE-2024-9593 CVE-2024-9593 Time Clock <= 1.2.2 & Time Clock Pro <= 1.1.4 - Unauthenticated (Limited) Remote Code Execution Description: The Time Clock plugin and Time Clock Pro plugin for WordPress are vulnerable... https://t.co/i4usSRb14n

    @VulmonFeeds. 65 Impressions, 0 Retweets, 0 Likes, 0 Bookmarks, 0 Replies, 0 Quotes

  7. CVE-2024-9593 The Time Clock plugin and Time Clock Pro plugin for WordPress are vulnerable to Remote Code Execution in versions up to, and including, 1.2.2 (for Time Clock) and 1.1.4… https://t.co/X9pdJGXoUD

    @CVEnew. 491 Impressions, 0 Retweets, 0 Likes, 0 Bookmarks, 0 Replies, 0 Quotes

Configurations