CVE-2024-9593

🗓️ 18 Oct 2024 18:15:04Reported by [email protected]Type

Time Clock and Time Clock Pro plugins for WordPress up to version 1.2.2 and 1.1.4 respectively, are vulnerable to Remote Code Execution via 'etimeclockwp_load_function_callback' function

Reporter	Title	Published	Views	Family All 17
GithubExploit	Exploit for Code Injection in Wpplugin Time_Clock	18 Oct 202409:11	–	githubexploit
BDU FSTEC	The vulnerability of the etimeclockwp_load_function_callback() function in the WordPress Content Management System allows a hacker to execute arbitrary code.	10 Jan 202500:00	–	bdu_fstec
Circl	CVE-2024-9593	18 Oct 202421:05	–	circl
CNNVD	WordPress plugin Time Clock plugin and Time Clock Pro 代码注入漏洞	18 Oct 202400:00	–	cnnvd
CVE	CVE-2024-9593	18 Oct 202417:32	–	cve
Cvelist	CVE-2024-9593 Time Clock <= 1.2.2 & Time Clock Pro <= 1.1.4 - Unauthenticated (Limited) Remote Code Execution	18 Oct 202417:32	–	cvelist
Nuclei	Time Clock <= 1.2.2 & Time Clock Pro <= 1.1.4 - Remote Code Execution	8 Jun 202604:09	–	nuclei
OSV	CVE-2024-9593	18 Oct 202418:15	–	osv
Patchstack	WordPress Time Clock Plugin <= 1.2.2 is vulnerable to Remote Code Execution (RCE)	18 Oct 202400:00	–	patchstack
Patchstack	WordPress Time Clock plugin <= 1.2.2 - Unauthenticated (Limited) Remote Code Execution vulnerability	18 Oct 202405:53	–	patchstack

NVD

Node

wpplugin time_clockRange≤1.1.4prowordpress

wpplugin time_clockRange≤1.2.2-wordpress

Source	Link
wordfence	www.wordfence.com/threat-intel/vulnerabilities/id/247e599a-74e2-41d5-a1ba-978a807e6544
plugins	www.plugins.trac.wordpress.org/changeset/3171046/time-clock
plugins	www.plugins.trac.wordpress.org/browser/time-clock/tags/1.2.2/includes/admin/ajax_functions_admin.php

29 Oct 2024 13:40Current

CVSS 3.18.3

EPSS0.85505

CWE-94