Name of the Vulnerable Software and Affected Versions:

All in One Time Clock Lite – Tracking Employee Time Has Never Been Easier plugin for WordPress versions up to and including 2.0

Description:

The plugin is susceptible to Reflected Cross-Site Scripting due to insufficient input sanitization and output escaping. This allows unauthenticated attackers to inject arbitrary web scripts into pages, which can execute if a user is tricked into performing an action, such as clicking a malicious link. The vulnerability exists via the `nonce` parameter.

Recommendations:

Update the All in One Time Clock Lite – Tracking Employee Time Has Never Been Easier plugin to a version later than 2.0.