CVE-2024-9593

HIGH EXPLOITED NUCLEI

Time Clock and Time Clock Pro <= 1.2.2 - Unauthenticated Remote Code Execution via etimeclockwp_load_function_callback

Exploitation Summary

CVE-2024-9593 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 4 public exploits from researchers including RandomRobbieBF, 0x4f5da2-venom, and Nxploited. A Nuclei detection template is also available.

AI-analyzed exploit summary: This PoC demonstrates an unauthenticated remote code execution vulnerability in the Time Clock and Time Clock Pro WordPress plugins via the 'etimeclockwp_load_function_callback' function. The exploit sends a POST request to admin-ajax.php with a specified function name to execute arbitrary code.

Description

The Time Clock plugin and Time Clock Pro plugin for WordPress are vulnerable to Remote Code Execution in versions up to, and including, 1.2.2 (for Time Clock) and 1.1.4 (for Time Clock Pro) via the 'etimeclockwp_load_function_callback' function. This allows unauthenticated attackers to execute code on the server. The invoked function's parameters cannot be specified.

Exploits (4)

nomisec WORKING POC 7 stars
by RandomRobbieBF · remote
https://github.com/RandomRobbieBF/CVE-2024-9593

This PoC demonstrates an unauthenticated remote code execution vulnerability in the Time Clock and Time Clock Pro WordPress plugins via the 'etimeclockwp_load_function_callback' function. The exploit sends a POST request to admin-ajax.php with a specified function name to execute arbitrary code.

Classification: Working PoC (90%)
Attack Type: RCE
Complexity: Trivial
Reliability: Reliable
Target: Time Clock <= 1.2.2, Time Clock Pro <= 1.1.4
No auth needed
Prerequisites: WordPress installation with vulnerable plugin
devstral-2 · analyzed Feb 16, 2026

nomisec SCANNER 2 stars
by 0x4f5da2-venom · remote
https://github.com/0x4f5da2-venom/CVE-2024-9593-EXP

This is a scanner for CVE-2024-9593, a WordPress plugin vulnerability. It checks for the presence of the vulnerability by sending a POST request to a specific endpoint and analyzing the response for indicators of vulnerability.

Classification: Scanner (90%)
Attack Type: Info Leak
Complexity: Trivial
Reliability: Reliable
Target: WordPress plugin (specific plugin not mentioned)
No auth needed
Prerequisites: List of URLs to scan
devstral-2 · analyzed Feb 16, 2026

nomisec WORKING POC 1 star
by Nxploited · remote
https://github.com/Nxploited/CVE-2024-9593-Exploit

This exploit targets CVE-2024-9593, an unauthenticated Remote Code Execution vulnerability in the Time Clock and Time Clock Pro WordPress plugins. It checks for vulnerable versions by fetching the readme.txt file and then exploits the vulnerability via the 'etimeclockwp_load_function_callback' function.

Classification: Working PoC (90%)
Attack Type: RCE
Complexity: Trivial
Reliability: Reliable
Target: Time Clock plugin for WordPress (up to 1.2.2) and Time Clock Pro plugin for WordPress (up to 1.1.4)
No auth needed
Prerequisites: Target must have the vulnerable plugin installed and accessible · Target must be running a vulnerable version of the plugin
devstral-2 · analyzed Feb 16, 2026

github WORKING POC
by Boshe99 · pythonpoc
https://github.com/Boshe99/CVE-Exploits/tree/main/CVE-2024-9593-Exploit

The repository contains functional exploit code for CVE-2024-9593, targeting an arbitrary file upload vulnerability in the WordPress Plugin 3DPrint Lite 1.9.1.4. The exploit demonstrates the ability to upload a malicious file to a vulnerable target.

Classification: Working PoC (95%)
Attack Type: RCE
Complexity: Trivial
Reliability: Reliable
Target: WordPress Plugin 3DPrint Lite 1.9.1.4
No auth needed
Prerequisites: target URL · path to a file to upload
devstral-2 · analyzed Feb 27, 2026

Nuclei Templates (1)

Time Clock <= 1.2.2 & Time Clock Pro <= 1.1.4 - Remote Code Execution
HIGH · VERIFIED · by s4e-io
FOFA: body="/wp-content/plugins/time-clock/" || body="/wp-content/plugins/time-clock-pro/"

Scores

CVSS v3 8.3
EPSS 0.1249
EPSS Percentile 95.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact partial

Details

VulnCheck KEV 2025-03-11
CWE: CWE-94
Status published
Products (4)
Scott Paterson/Time Clock Pro < 1.1.4
scottpaterson/Time Clock – A WordPress Employee & Volunteer Time Clock Plugin < 1.2.2
wpplugin/time_clock < 1.1.4
wpplugin/time_clock < 1.2.2
Published Oct 18, 2024
Tracked Since Feb 18, 2026