Time Clock Plugin Vulnerable to Remote Code Execution
CVE-2024-9593
8.3HIGH
Key Information
- Vendor
- плайшен
- Vendor
- CVE Published:
- 18 October 2024
Badges
👾 Exploit Exists🔴 Public PoC
Summary
The Time Clock plugin and Time Clock Pro plugin for WordPress are vulnerable to Remote Code Execution in versions up to, and including, 1.2.2 (for Time Clock) and 1.1.4 (for Time Clock Pro) via the 'etimeclockwp_load_function_callback' function. This allows unauthenticated attackers to execute code on the server. The invoked function's parameters cannot be specified.
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
CVSS V3.1
Score:
8.3
Severity:
HIGH
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Changed
Timeline
- 👾
Exploit exists.
Vulnerability published.
Collectors
NVD Database1 Proof of Concept(s)