CVE-2025-11758
- EPSS 0.1%
- Veröffentlicht 04.11.2025 04:27:15
- Zuletzt bearbeitet 15.04.2026 00:35:42
The All in One Time Clock Lite plugin for WordPress is vulnerable to unauthorized access due to a missing authorization check in all versions up to, and including, 2.0.3. This is due to the plugin exposing admin-level AJAX actions to unauthenticated...
CVE-2025-6833
- EPSS 0.04%
- Veröffentlicht 22.10.2025 09:24:37
- Zuletzt bearbeitet 15.04.2026 00:35:42
The All in One Time Clock Lite – Tracking Employee Time Has Never Been Easier plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.0 via the 'aio_time_clock_lite_js' AJAX action due to missing...
CVE-2025-6832
- EPSS 0.12%
- Veröffentlicht 02.08.2025 08:24:47
- Zuletzt bearbeitet 15.04.2026 00:35:42
The All in One Time Clock Lite – Tracking Employee Time Has Never Been Easier plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'nonce' parameter in all versions up to, and including, 2.0 due to insufficient input sanitizat...
CVE-2025-46513
- EPSS 0.05%
- Veröffentlicht 24.04.2025 16:15:42
- Zuletzt bearbeitet 15.04.2026 00:35:42
Cross-Site Request Forgery (CSRF) vulnerability in Codebangers All in One Time Clock Lite aio-time-clock-lite allows Cross Site Request Forgery.This issue affects All in One Time Clock Lite: from n/a through < 1.3.326.
CVE-2022-44594
- EPSS 0.11%
- Veröffentlicht 23.04.2023 10:15:07
- Zuletzt bearbeitet 21.11.2024 07:28:11
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Codebangers All in One Time Clock Lite plugin <= 1.3.320 versions.