VYPR

Aio Time Clock Lite

by WordPress

Source repositories

CVEs (4)

  • CVE-2025-6832MedAug 2, 2025
    risk 0.40cvss 6.1epss 0.00

    The All in One Time Clock Lite – Tracking Employee Time Has Never Been Easier plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'nonce' parameter in all versions up to, and including, 2.0 due to insufficient input sanitization and output escaping.…

  • CVE-2025-11758MedNov 4, 2025
    risk 0.35cvss 6.5epss 0.00

    The All in One Time Clock Lite plugin for WordPress is vulnerable to unauthorized access due to a missing authorization check in all versions up to, and including, 2.0.3. This is due to the plugin exposing admin-level AJAX actions to unauthenticated users via wp_ajax_nopriv_…

  • CVE-2025-6833MedOct 22, 2025
    risk 0.28cvss 4.3epss 0.00

    The All in One Time Clock Lite – Tracking Employee Time Has Never Been Easier plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.0 via the 'aio_time_clock_lite_js' AJAX action due to missing validation on a user…

  • CVE-2025-46513MedApr 24, 2025
    risk 0.28cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in Codebangers All in One Time Clock Lite aio-time-clock-lite allows Cross Site Request Forgery.This issue affects All in One Time Clock Lite: from n/a through < 1.3.326.