Time Tracker Project
Products
1- 5 CVEs
Recent CVEs
5| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-9018 | Hig | 0.50 | 8.8 | 0.00 | Sep 11, 2025 | The Time Tracker plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check on the 'tt_update_table_function' and 'tt_delete_record_function' functions in all versions up to, and including, 3.1.0. This makes it possible for… | ||
| CVE-2025-10088 | Low | 0.23 | 3.5 | 0.00 | Sep 8, 2025 | A vulnerability was detected in SourceCodester Time Tracker 1.0. The affected element is an unknown function of the file /index.html. Performing manipulation of the argument project-name results in cross site scripting. The attack may be initiated remotely. The exploit is now… | ||
| CVE-2023-36250 | 0.00 | — | 0.01 | Sep 14, 2023 | CSV Injection vulnerability in GNOME time tracker version 3.0.2, allows local attackers to execute arbitrary code via crafted .tsv file when creating a new record. | |||
| CVE-2019-12162 | 0.00 | — | 0.00 | Jul 23, 2019 | Upwork Time Tracker 5.2.2.716 doesn't verify the SHA256 hash of the downloaded program update before running it, which could lead to code execution or local privilege escalation by replacing the original update.exe. | |||
| CVE-2015-6751 | 0.00 | — | 0.01 | Aug 31, 2015 | Multiple cross-site scripting (XSS) vulnerabilities in the Time Tracker module 7.x-1.x before 7.x-1.4 for Drupal allow remote authenticated users with certain permissions to inject arbitrary web script or HTML via a (1) note added to a time entry or an (2) activity used to… |
- risk 0.50cvss 8.8epss 0.00
The Time Tracker plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check on the 'tt_update_table_function' and 'tt_delete_record_function' functions in all versions up to, and including, 3.1.0. This makes it possible for…
- risk 0.23cvss 3.5epss 0.00
A vulnerability was detected in SourceCodester Time Tracker 1.0. The affected element is an unknown function of the file /index.html. Performing manipulation of the argument project-name results in cross site scripting. The attack may be initiated remotely. The exploit is now…
- CVE-2023-36250Sep 14, 2023risk 0.00cvss —epss 0.01
CSV Injection vulnerability in GNOME time tracker version 3.0.2, allows local attackers to execute arbitrary code via crafted .tsv file when creating a new record.
- CVE-2019-12162Jul 23, 2019risk 0.00cvss —epss 0.00
Upwork Time Tracker 5.2.2.716 doesn't verify the SHA256 hash of the downloaded program update before running it, which could lead to code execution or local privilege escalation by replacing the original update.exe.
- CVE-2015-6751Aug 31, 2015risk 0.00cvss —epss 0.01
Multiple cross-site scripting (XSS) vulnerabilities in the Time Tracker module 7.x-1.x before 7.x-1.4 for Drupal allow remote authenticated users with certain permissions to inject arbitrary web script or HTML via a (1) note added to a time entry or an (2) activity used to…