CVE-2025-9018 Time Tracker <= 3.1.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update and Limited Data Deletion
The Time Tracker plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check on the 'tt_update_table_function' and 'tt_delete_record_function' functions in all versions up to, and including, 3.1.0. This makes it possible for authenticated attackers...
CVE-2025-9018
CVE-2025-9018 affects the WordPress Time Tracker plugin up to version 3.1.0. The root cause is a missing capability check in the functions tt_update_table_function and tt_delete_record_function, enabling authenticated users with Subscriber-level access and above to modify options (e.g., user regi...
WordPress Time Tracker plugin <= 3.1.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update and Limited Data Deletion vulnerability
Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update and Limited Data Deletion vulnerability discovered by Jonas Benjamin Friedli in WordPress Plugin Time Tracker versions <= 3.1.0...
WordPress plugin Time Tracker security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
PT-2025-37173
Name of the Vulnerable Software and Affected Versions: Time Tracker plugin for WordPress versions through 3.1.0 Description: The Time Tracker plugin for WordPress is susceptible to unauthorized modification and data loss. A missing capability check within the tt update table function and tt delet...
CVE-2025-10088
A vulnerability was detected in SourceCodester Time Tracker 1.0. The affected element is an unknown function of the file /index.html. Performing manipulation of the argument project-name results in cross site scripting. The attack may be initiated remotely. The exploit is now public and may be us...
Linux Distros Unpatched Vulnerability : CVE-2021-45329
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Cross Site Scripting (XSS) vulnerability exists in Gitea before 1.5.1 via the repository settings inside the external wiki/issue tracker URL field. CVE-2021-45329...
Linux Distros Unpatched Vulnerability : CVE-2025-53865
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Roundup before 2.5.0, XSS can occur via interaction between URLs and issue tracker templates devel and responsive. CVE-2025-53865 Note that Nessus relies on...
CVE-2025-10088 SourceCodester Time Tracker index.html cross site scripting
A vulnerability was detected in SourceCodester Time Tracker 1.0. The affected element is an unknown function of the file /index.html. Performing manipulation of the argument project-name results in cross site scripting. The attack may be initiated remotely. The exploit is now public and may be us...
CVE-2025-10088
CVE-2025-10088 affects SourceCodester Time Tracker 1.0. An unknown function in /index.html is vulnerable when manipulating the project-name parameter, enabling cross-site scripting that could be triggered remotely. Exploit is publicly available (PoC). A practical interim mitigation from PT-2025-3...
PT-2025-36446
Name of the Vulnerable Software and Affected Versions: SourceCodester Time Tracker version 1.0 Description: A cross-site scripting (XSS) vulnerability exists due to manipulation of the project-name argument. The vulnerability affects an unknown function within the /index.html file. The exploit is...
SourceCodester Time Tracker code injection vulnerability
SourceCodester Time Tracker is an open source personal time tracking tool from SourceCodester. A code injection vulnerability exists in SourceCodester Time Tracker version 1.0, which stems from improper handling of parameters in the /index.html file, and could lead to cross-site scripting attacks...
Exploit for CVE-2025-8067
Proof of Concept for CVE-2025-8067 Details are available here...
SourceCodester Android Corona Virus Tracker App for India security vulnerability
SourceCodester Android Corona Virus Tracker App for India is a new virus tracking app from SourceCodester open source. A security vulnerability exists in the SourceCodester Android Corona Virus Tracker App for India version 1.0, which stems from the use of MD5 for digest authentication, which cou...
CVE-2025-48305
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in vikingjs Goal Tracker for Patreon goal-tracker-for-patreon allows Stored XSS. This issue affects Goal Tracker for Patreon: from n/a through = 0.4.6...
Linux Distros Unpatched Vulnerability : CVE-2023-45024
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Best Practical Request Tracker (RT) 5 before 5.0.5 allows Information Disclosure via a transaction search in the transaction query builder. CVE-2023-45024 Note th...