Time Clock Plugin Vulnerable to Remote Code Execution

CVE-2024-9593

8.3HIGH

Key Information

Vendor: плайшен
Vendor: CVE Published:; 18 October 2024

Badges

👾 Exploit Exists🔴 Public PoC

Summary

The Time Clock plugin and Time Clock Pro plugin for WordPress are vulnerable to Remote Code Execution in versions up to, and including, 1.2.2 (for Time Clock) and 1.1.4 (for Time Clock Pro) via the 'etimeclockwp_load_function_callback' function. This allows unauthenticated attackers to execute code on the server. The invoked function's parameters cannot be specified.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2024-9593
Created by RandomRobbieBF

CVSS V3.1

Score:

8.3

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Timeline

👾
Exploit exists.
Oct 18, 2024
Vulnerability published.
Oct 18, 2024

Collectors

NVD Database1 Proof of Concept(s)