CVE-2025-11758
- EPSS 0.1%
- Veröffentlicht 04.11.2025 04:27:15
- Zuletzt bearbeitet 04.11.2025 15:40:45
The All in One Time Clock Lite plugin for WordPress is vulnerable to unauthorized access due to a missing authorization check in all versions up to, and including, 2.0.3. This is due to the plugin exposing admin-level AJAX actions to unauthenticated...
CVE-2025-6833
- EPSS 0.05%
- Veröffentlicht 22.10.2025 09:24:37
- Zuletzt bearbeitet 22.10.2025 21:12:48
The All in One Time Clock Lite – Tracking Employee Time Has Never Been Easier plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.0 via the 'aio_time_clock_lite_js' AJAX action due to missing...
CVE-2025-6832
- EPSS 0.11%
- Veröffentlicht 02.08.2025 08:24:47
- Zuletzt bearbeitet 04.08.2025 15:06:15
The All in One Time Clock Lite – Tracking Employee Time Has Never Been Easier plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'nonce' parameter in all versions up to, and including, 2.0 due to insufficient input sanitizat...
CVE-2025-46513
- EPSS 0.08%
- Veröffentlicht 24.04.2025 16:15:42
- Zuletzt bearbeitet 29.04.2025 13:52:28
Cross-Site Request Forgery (CSRF) vulnerability in Codebangers All in One Time Clock Lite allows Cross Site Request Forgery. This issue affects All in One Time Clock Lite: from n/a through 1.3.324.
CVE-2022-44594
- EPSS 0.11%
- Veröffentlicht 23.04.2023 10:15:07
- Zuletzt bearbeitet 21.11.2024 07:28:11
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Codebangers All in One Time Clock Lite plugin <= 1.3.320 versions.