CVE-2025-46513
Description
Cross-Site Request Forgery (CSRF) vulnerability in Codebangers All in One Time Clock Lite aio-time-clock-lite allows Cross Site Request Forgery.This issue affects All in One Time Clock Lite: from n/a through < 1.3.326.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
CSRF vulnerability in Codebangers All in One Time Clock Lite allows attackers to force privileged users to execute unwanted actions via crafted requests.
The vulnerability is a Cross-Site Request Forgery (CSRF) in the WordPress plugin All in One Time Clock Lite, versions prior to 1.3.326, allowing attackers to trick authenticated administrators into performing unintended actions [1].
Exploitation requires a privileged user to click a malicious link or submit a crafted form while authenticated, making user interaction a prerequisite [1].
An attacker can force the victim to perform unwanted actions such as changing settings or modifying data without their consent, leveraging the victim's current session [1].
The issue is fixed in version 1.3.326 and later; Patchstack users can enable auto-updates for vulnerable plugins [1].
AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
1- Range: <= 1.3.326
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1News mentions
0No linked articles in our index yet.