Time Sheets
by WordPress
Source repositories
CVEs (5)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-49054 | Hig | 0.46 | 7.1 | 0.00 | Aug 14, 2025 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mrdenny Time Sheets time-sheets allows Reflected XSS.This issue affects Time Sheets: from n/a through <= 2.1.3. | ||
| CVE-2017-18582 | Med | 0.40 | 6.1 | 0.01 | Aug 22, 2019 | The time-sheets plugin before 1.5.2 for WordPress has multiple XSS issues. | ||
| CVE-2017-18581 | Med | 0.40 | 6.1 | 0.01 | Aug 22, 2019 | The time-sheets plugin before 1.5.0 for WordPress has XSS via the old timesheet list. | ||
| CVE-2023-0893 | Med | 0.31 | 4.8 | 0.00 | Apr 10, 2023 | The Time Sheets WordPress plugin before 1.29.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite… | ||
| CVE-2025-10055 | Med | 0.28 | 4.3 | 0.00 | Dec 5, 2025 | The Time Sheets plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1.3. This is due to missing or incorrect nonce validation on several endpoints. This makes it possible for unauthenticated attackers to perform a variety of… |
- risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mrdenny Time Sheets time-sheets allows Reflected XSS.This issue affects Time Sheets: from n/a through <= 2.1.3.
- risk 0.40cvss 6.1epss 0.01
The time-sheets plugin before 1.5.2 for WordPress has multiple XSS issues.
- risk 0.40cvss 6.1epss 0.01
The time-sheets plugin before 1.5.0 for WordPress has XSS via the old timesheet list.
- risk 0.31cvss 4.8epss 0.00
The Time Sheets WordPress plugin before 1.29.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite…
- risk 0.28cvss 4.3epss 0.00
The Time Sheets plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1.3. This is due to missing or incorrect nonce validation on several endpoints. This makes it possible for unauthenticated attackers to perform a variety of…