Time Security Vulnerabilities

CVE-2024-24867

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Osamaesh WP Visitor Statistics (Real Time Traffic). This issue affects WP Visitor Statistics (Real Time Traffic): from n/a through...

CVSS 5.3 | AI Score 7.1 | EPSS 0.0004

2024-03-17 04:15 PM

CVE-2024-0730

A vulnerability, which was classified as critical, was found in Project Worlds Online Time Table Generator 1.0. This affects an unknown part of the file course_ajax.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been....

CVSS 9.8 | AI Score 7.9 | EPSS 0.001

2024-01-19 07:15 PM

CVE-2022-41790

Missing Authorization vulnerability in CodePeople WP Time Slots Booking Form. This issue affects WP Time Slots Booking Form: from n/a through...

CVSS 8.8 | AI Score 7.4 | EPSS 0.001

2024-01-17 06:15 PM

CVE-2023-5203

The WP Sessions Time Monitoring Full Automatic WordPress plugin before 1.0.9 does not sanitize the request URL or query parameters before using them in an SQL query, allowing unauthenticated attackers to extract sensitive data from the database via blind time based SQL injection techniques, or in.....

CVSS 7.5 | AI Score 8 | EPSS 0.002

2023-12-26 07:15 PM

CVE-2023-5653

The WassUp Real Time Analytics WordPress plugin through 1.9.4.5 does not escape IP address provided via some headers before outputting them back in an admin page, allowing unauthenticated users to perform Stored XSS attacks against logged in...

CVSS 6.1 | AI Score 6 | EPSS 0.001

2023-11-27 05:15 PM

CVE-2023-47817

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mmrs151 Daily Prayer Time plugin <= 2023.10.13...

CVSS 5.4 | AI Score 7.4 | EPSS 0.0004

2023-11-22 11:15 PM

CVE-2023-27632

Cross-Site Request Forgery (CSRF) vulnerability in mmrs151 Daily Prayer Time plugin <= 2023.03.08...

CVSS 8.8 | AI Score 7.2 | EPSS 0.001

2023-11-12 11:15 PM

CVE-2023-45006

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in ByConsole WooODT Lite – WooCommerce Order Delivery or Pickup with Date Time Location plugin <= 2.4.6...

CVSS 6.1 | AI Score 6 | EPSS 0.0005

2023-10-17 12:15 PM

CVE-2023-25989

Cross-Site Request Forgery (CSRF) vulnerability in Meks Video Importer, Meks Time Ago, Meks ThemeForest Smart Widget, Meks Smart Author Widget, Meks Audio Player, Meks Easy Maps, Meks Easy Photo Feed Widget, Meks Simple Flickr Widget, Meks Easy Ads Widget, Meks Smart Social Widget plugins leading.....

CVSS 8.8 | AI Score 7.3 | EPSS 0.001

2023-10-03 12:15 PM

CVE-2023-41734

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in nigauri Insert Estimated Reading Time plugin <= 1.2...

CVSS 4.8 | AI Score 5.2 | EPSS 0.0004

2023-10-02 08:15 AM

CVE-2023-2813

All of the above Aapna WordPress theme through 1.3, Anand WordPress theme through 1.2, Anfaust WordPress theme through 1.1, Arendelle WordPress theme before 1.1.13, Atlast Business WordPress theme through 1.5.8.5, Bazaar Lite WordPress theme before 1.8.6, Brain Power WordPress theme through 1.2,...

CVSS 6.1 | AI Score 6.6 | EPSS 0.001

2023-09-04 12:15 PM

CVE-2023-3544

A vulnerability was found in GZ Scripts Time Slot Booking Calendar PHP 1.8. It has been declared as problematic. This vulnerability affects unknown code of the file /load.php. The manipulation of the argument first_name/second_name/phone/address_1/country leads to cross site scripting. The attack.....

CVSS 6.1 | AI Score 6.1 | EPSS 0.001

2023-07-07 05:15 PM

CVE-2023-28991

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in PI Websolution Order date, Order pickup, Order date time, Pickup Location, delivery date for WooCommerce plugin <= 3.0.19...

CVSS 4.8 | AI Score 4.8 | EPSS 0.0004

2023-06-26 06:15 AM

CVE-2023-27631

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in mmrs151 Daily Prayer Time plugin <= 2023.05.04...

CVSS 5.4 | AI Score 5.2 | EPSS 0.0004

2023-06-22 08:15 AM

CVE-2023-33984

SAP NetWeaver (Design Time Repository) - version 7.50, returns an unfavorable content type for some versioned files, which could allow an authorized attacker to create a file with malicious content and send a link to a victim in an email or instant message. Under certain circumstances, this...

CVSS 5.4 | AI Score 5.3 | EPSS 0.0004

2023-06-13 03:15 AM

CVE-2023-0600

The WP Visitor Statistics (Real Time Traffic) WordPress plugin before 6.9 does not escape user input which is concatenated to an SQL query, allowing unauthenticated visitors to conduct SQL Injection...

CVSS 9.8 | AI Score 9.9 | EPSS 0.031

2023-05-15 01:15 PM

CVE-2023-0894

The Pickup | Delivery | Dine-in date time WordPress plugin through 1.0.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in...

CVSS 4.8 | AI Score 4.8 | EPSS 0.001

2023-05-08 02:15 PM

CVE-2022-44594

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Codebangers All in One Time Clock Lite plugin <= 1.3.320...

CVSS 4.8 | AI Score 4.8 | EPSS 0.0005

2023-04-23 10:15 AM

CVE-2023-0893

The Time Sheets WordPress plugin before 1.29.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite...

CVSS 4.8 | AI Score 4.8 | EPSS 0.001

2023-04-10 02:15 PM

CVE-2023-23971

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in CodePeople WP Time Slots Booking Form plugin <= 1.1.81...

CVSS 4.8 | AI Score 4.8 | EPSS 0.001

2023-04-06 06:15 AM

CVE-2023-28756

A ReDoS issue was discovered in the Time component through 0.2.1 in Ruby through 3.2.1. The Time parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to Time objects. The fixed versions are 0.1.1 and...

CVSS 5.3 | AI Score 5.4 | EPSS 0.002

2023-03-31 04:15 AM

CVE-2022-4656

The WP Visitor Statistics (Real Time Traffic) WordPress plugin before 6.5 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting...

CVSS 5.4 | AI Score 5.4 | EPSS 0.001

2023-02-13 03:15 PM

CVE-2022-30178

Azure RTOS GUIX Studio Remote Code Execution...

CVSS 7.8 | AI Score 7.9 | EPSS 0.002

2022-06-15 10:15 PM

CVE-2022-29618

Due to insufficient input validation, SAP NetWeaver Development Infrastructure (Design Time Repository) - versions 7.30, 7.31, 7.40, 7.50, allows an unauthenticated attacker to inject script into the URL and execute code in the user’s browser. On successful exploitation, an attacker can view or...

CVSS 6.1 | AI Score 6.4 | EPSS 0.001

2022-06-14 07:15 PM

CVE-2022-29518

Screen Creator Advance2, HMI GC-A2 series, and Real time remote monitoring and control tool Screen Creator Advance2 versions prior to Ver.0.1.1.3 Build01, HMI GC-A2 series(GC-A22W-CW, GC-A24W-C(W), GC-A26W-C(W), GC-A24, GC-A24-M, GC-A25, GC-A26, and GC-A26-J2), and Real time remote monitoring and.....

CVSS 7 | AI Score 7 | EPSS 0.0004

2022-05-18 03:15 PM

CVE-2022-0785

The Daily Prayer Time WordPress plugin before 2022.03.01 does not sanitise and escape the month parameter before using it in a SQL statement via the get_monthly_timetable AJAX action (available to unauthenticated users), leading to an unauthenticated SQL...

CVSS 9.8 | AI Score 9.8 | EPSS 0.04

2022-04-18 06:15 PM

CVE-2022-26103

Under certain conditions, SAP NetWeaver (Real Time Messaging Framework) - version 7.50, allows an attacker to access information which could lead to information gathering for further exploits and...

CVSS 5.3 | AI Score 5.2 | EPSS 0.001

2022-03-10 05:47 PM

CVE-2022-0389

The WP Time Slots Booking Form WordPress plugin before 1.1.63 does not sanitise and escape Calendar names, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is...

CVSS 4.8 | AI Score 4.7 | EPSS 0.001

2022-03-07 09:15 AM

CVE-2022-0410

The WP Visitor Statistics (Real Time Traffic) WordPress plugin before 5.6 does not sanitise and escape the id parameter before using it in a SQL statement via the refUrlDetails AJAX action, available to any authenticated user, leading to a SQL...

CVSS 8.8 | AI Score 8.9 | EPSS 0.001

2022-03-07 09:15 AM

CVE-2021-24920

The StatCounter WordPress plugin before 2.0.7 does not sanitise and escape the Project ID and Secure Code settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is...

CVSS 4.8 | AI Score 4.8 | EPSS 0.001

2022-02-28 09:15 AM

CVE-2021-25042

The WP Visitor Statistics (Real Time Traffic) WordPress plugin before 5.5 does not have authorisation and CSRF checks in the updateIpAddress AJAX action, allowing any authenticated user to call it, or make a logged in user do it via a CSRF attack and add an arbitrary IP address to exclude....

CVSS 5.4 | AI Score 5.2 | EPSS 0.001

2022-02-28 09:15 AM

CVE-2021-25035

The Backup and Staging by WP Time Capsule WordPress plugin before 1.22.7 does not sanitise and escape the error parameter before outputting it back in an admin page, leading to a Reflected Cross-Site...

CVSS 6.1 | AI Score 6 | EPSS 0.001

2022-01-24 08:15 AM

CVE-2021-44161

Changing MOTP (Mobile One Time Password) system’s specific function parameter has insufficient validation for user input. An attacker in local area network can perform SQL injection attack to read, modify or delete backend database without...

CVSS 8.8 | AI Score 8.8 | EPSS 0.001

2021-12-29 08:15 AM

CVE-2021-24750

The WP Visitor Statistics (Real Time Traffic) WordPress plugin before 4.8 does not properly sanitise and escape the refUrl in the refDetails AJAX action, available to any authenticated user, which could allow users with a role as low as subscriber to perform SQL injection...

CVSS 8.8 | AI Score 8.8 | EPSS 0.021

2021-12-21 09:15 AM

CVE-2021-42301

Azure RTOS Information Disclosure...

CVSS 3.3 | AI Score 4.3 | EPSS 0.001

2021-11-10 01:19 AM

CVE-2021-42323

Azure RTOS Information Disclosure...

CVSS 3.3 | AI Score 4.3 | EPSS 0.001

2021-11-10 01:19 AM

CVE-2021-42302

Azure RTOS Elevation of Privilege...

CVSS 6.6 | AI Score 6.5 | EPSS 0.001

2021-11-10 01:19 AM

CVE-2021-42303

Azure RTOS Elevation of Privilege...

CVSS 6.6 | AI Score 6.5 | EPSS 0.001

2021-11-10 01:19 AM

CVE-2021-42304

Azure RTOS Elevation of Privilege...

CVSS 6.6 | AI Score 6.5 | EPSS 0.001

2021-11-10 01:19 AM

CVE-2021-26444

Azure RTOS Information Disclosure...

CVSS 3.3 | AI Score 4.3 | EPSS 0.001

2021-11-10 01:16 AM

CVE-2021-24829

The Visitor Traffic Real Time Statistics WordPress plugin before 3.9 does not validate and escape user input passed to the today_traffic_index AJAX action (available to any authenticated users) before using it in a SQL statement, leading to an SQL injection...

CVSS 8.8 | AI Score 8.9 | EPSS 0.001

2021-11-08 06:15 PM

CVE-2021-24671

The MX Time Zone Clocks WordPress plugin before 3.4.1 does not escape the time_zone attribute of the mxmtzc_time_zone_clocks shortcode, allowing users with a role as low as Contributor to perform Stored Cross-Site Scripting...

CVSS 5.4 | AI Score 5.2 | EPSS 0.001

2021-09-27 04:15 PM

CVE-2021-24523

The Daily Prayer Time WordPress plugin before 2021.08.10 does not sanitise or escape some of its settings before outputting them in the page, leading to Authenticated Stored Cross-Site Scripting...

CVSS 5.4 | AI Score 5.2 | EPSS 0.001

2021-09-13 06:15 PM

CVE-2021-21442

In the project create screen it's possible to inject malicious JS code into certain fields. The code might be executed in the Reporting screen. This issue affects: OTRS AG Time Accounting: 7.0.x versions prior to...

CVSS 5.4 | AI Score 5.5 | EPSS 0.001

2021-07-26 05:15 AM

CVE-2021-2415

Vulnerability in the Oracle Time and Labor product of Oracle E-Business Suite (component: Timecard). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Time and....

CVSS 8.1 | AI Score 7.7 | EPSS 0.001

2021-07-21 03:15 PM

CVE-2021-24193

Low privileged users can use the AJAX action 'cp_plugins_do_button_job_later_callback' in the Visitor Traffic Real Time Statistics WordPress plugin before 2.12, to install any plugin (including a specific version) from the WordPress repository, as well as activate arbitrary plugin from the blog,.....

CVSS 8.8 | AI Score 8.7 | EPSS 0.001

2021-05-14 12:15 PM

CVE-2021-2239

Vulnerability in the Oracle Time and Labor product of Oracle E-Business Suite (component: Timecard). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Time and....

CVSS 8.1 | AI Score 8.1 | EPSS 0.001

2021-04-22 10:15 PM

CVE-2020-26289

date-and-time is an npm package for manipulating date and time. In date-and-time before version 0.14.2, there is a regular expression involved in parsing which can be exploited to cause a denial of service. This is fixed in version...

CVSS 7.5 | AI Score 7.3 | EPSS 0.002

2020-12-28 07:15 PM

CVE-2020-26235

In Rust time crate from version 0.2.7 and before version 0.2.23, unix-like operating systems may segfault due to dereferencing a dangling pointer in specific circumstances. This requires the user to set any environment variable in a different thread than the affected functions. The affected...

CVSS 5.3 | AI Score 5 | EPSS 0.001

2020-11-24 10:15 PM

CVE-2020-6370

SAP NetWeaver Design Time Repository (DTR), versions - 7.11, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS)...

CVSS 4.8 | AI Score 6.2 | EPSS 0.001

2020-10-20 02:15 PM
Total number of security vulnerabilities: 58