PT-2024-9994 · WordPress · Time Clock Pro+1

István Márton · Published 2024-10-07 · Updated 2025-01-20 · CVE-2024-9593

CVSS v3.1: 8.3 High

Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L

Name of the Vulnerable Software and Affected Versions: Time Clock plugin versions up to 1.2.2; Time Clock Pro plugin versions up to 1.1.4
Description: The issue is in the `etimeclockwp_load_function_callback` function and stems from improper control of code generation. It allows unauthenticated attackers to execute code on the server, resulting in remote code execution. The parameters of the invoked function cannot be specified.
Recommendations: For the Time Clock plugin, update to a version later than 1.2.2. For the Time Clock Pro plugin, update to a version later than 1.1.4. As a temporary workaround, consider disabling the `etimeclockwp_load_function_callback` function until a patch is available.

Exploit · Fix · RCE · Code Injection

Weakness Enumeration

Related Identifiers

BDU:2025-00120
CVE-2024-9593

Affected Products

Time Clock
Time Clock Pro