Clock In Portal- Staff & Attendance Management Security & Risk Analysis

wordpress.org/plugins/clock-in-portal

Track the attendance of all registered employees with clock in or out system

300 active installs · v2.4 · PHP + · WP + · Updated Feb 4, 2026
Tags: attendance, clock-in-and-out, leave-management, scheduler, shift
Score: 48 (D · High Risk)
CVEs total: 3
Unpatched: 3
Last CVE: Apr 18, 2023
Safety Verdict

Is Clock In Portal- Staff & Attendance Management Safe to Use in 2026?

High Risk

Score 48/100

Clock In Portal- Staff & Attendance Management carries significant security risk with 3 known CVEs, 3 still unpatched. Consider switching to a maintained alternative.

3 known CVEs · 3 unpatched · Last CVE: Apr 18, 2023 · Updated 3mo ago
Risk Assessment

The clock-in-portal v2.4 plugin exhibits a mixed security posture. While it demonstrates good practices in its use of prepared statements for SQL queries and proper output escaping, significant concerns arise from its attack surface and taint analysis. The presence of two unprotected AJAX handlers is a major vulnerability, creating direct entry points for attackers. Furthermore, the taint analysis revealing two high-severity flows with unsanitized paths indicates potential for data manipulation or execution of unintended code. The plugin's vulnerability history is also a notable weakness, with three unpatched medium-severity CVEs, all identified as Cross-Site Request Forgery (CSRF) vulnerabilities. This pattern suggests a recurring issue with input validation and authorization, potentially leaving users exposed to malicious actions performed on their behalf. While the plugin's code quality in other areas is commendable, the unprotected entry points and identified high-severity taint flows, coupled with a history of CSRF vulnerabilities, elevate the overall risk.

Key Concerns

  • Unprotected AJAX handlers
  • High severity unsanitized taint flows
  • Unpatched CVEs (3 medium)
  • Use of dangerous function (unserialize)
  • Low capability checks (1 total)
Vulnerabilities
3 published

Clock In Portal- Staff & Attendance Management Security Vulnerabilities

CVEs by Year

3 CVEs in 2023 · unpatched

Severity Breakdown

Medium: 3

3 total CVEs

CVE-2023-0761 · medium · 4.3 · Cross-Site Request Forgery (CSRF)
Clock In Portal <= 2.1 - Cross-Site Request Forgery To Staff Deletion
Apr 18, 2023 · Unpatched

CVE-2023-0763 · medium · 4.3 · Cross-Site Request Forgery (CSRF)
Clock In Portal <= 2.1 - Cross-Site Request Forgery to Holidays Deletion
Apr 18, 2023 · Unpatched

CVE-2023-0762 · medium · 4.3 · Cross-Site Request Forgery (CSRF)
Clock In Portal <= 2.1 - Cross-Site Request Forgery to Designation Deletion
Apr 18, 2023 · Unpatched

Code Analysis
Analyzed Mar 16, 2026

Clock In Portal- Staff & Attendance Management Code Analysis

  • Dangerous Functions: 5
  • Raw SQL Queries: 9 (134 prepared)
  • Unescaped Output: 45 (530 escaped)
  • Nonce Checks: 11
  • Capability Checks: 1
  • File Operations: 12
  • External Requests: 0
  • Bundled Libraries: 1

Dangerous Functions Found

  • unserialize: $extra = @unserialize($staff->extra); (dashboard.php:168)
  • unserialize: $details = unserialize(file_get_contents('http://www.geoplugin.net/php.gp?ip='.$user_ip)); (inc\custom_function.php:22)
  • unserialize: $query = @unserialize(file_get_contents('http://ip-api.com/php/'.$user_ip)); (reports.php:594)
  • unserialize: $extra = @unserialize($report_data->extra); (reports.php:860)
  • unserialize: $extra = @unserialize($row->extra); (subscribers\staff-reports.php:320)

Bundled Libraries

DataTables

SQL Query Safety

94% prepared · 143 total queries

Output Escaping

92% escaped · 575 total outputs
Data Flows · Security
6 unsanitized

Data Flow Analysis

13 flows · 6 with unsanitized paths
insert_user_login_data (public\inc\helpers\WL_CIP_FREE_Helper.php:19)
Attack Surface
2 unprotected

Clock In Portal- Staff & Attendance Management Attack Surface

Entry Points: 3
Unprotected: 2

AJAX Handlers 2

  • nopriv · wp_ajax_wl_cip_front_call · public\public.php:14
  • auth · wp_ajax_wl_cip_front_call · public\public.php:15

Shortcodes 1

[WL_CIP_PORTAL] public\public.php:11

WordPress Hooks 13

  • action · admin_menu · admin-setup-wizard.php:37
  • action · admin_init · admin-setup-wizard.php:38
  • action · admin_enqueue_scripts · admin-setup-wizard.php:39
  • action · cip_setup_setup_footer · admin-setup-wizard.php:40
  • action · plugins_loaded · clock-in-portal.php:31
  • action · admin_init · clock-in-portal.php:66
  • action · admin_menu · clock-in-portal.php:81
  • filter · login_redirect · clock-in-portal.php:201
  • filter · woocommerce_disable_admin_bar · clock-in-portal.php:281
  • filter · woocommerce_prevent_admin_access · clock-in-portal.php:287
  • action · wp_dashboard_setup · clock-in-portal.php:296
  • action · admin_init · clock-in-portal.php:404
  • action · wp_enqueue_scripts · public\public.php:8
Maintenance & Trust

Clock In Portal- Staff & Attendance Management Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Feb 4, 2026
PHP min version
Downloads: 21K

Community Trust

Rating: 78/100
Number of ratings: 11
Active installs: 300
Developer Profile

Clock In Portal- Staff & Attendance Management Developer Profile

Infigo Software

23 plugins · 6K total installs

Trust score: 88
Avg Security Score: 91/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Clock In Portal- Staff & Attendance Management

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

  • /wp-content/plugins/clock-in-portal/js/bootstrap.min.js
  • /wp-content/plugins/clock-in-portal/js/flipclock.js
  • /wp-content/plugins/clock-in-portal/js/jquery-date-format.js
  • /wp-content/plugins/clock-in-portal/js/moment.js
  • /wp-content/plugins/clock-in-portal/js/bootstrap-datetimepicker.js
  • /wp-content/plugins/clock-in-portal/css/style.css

Version Parameters

  • clock-in-portal/js/bootstrap.min.js?ver=
  • clock-in-portal/js/flipclock.js?ver=
  • clock-in-portal/js/jquery-date-format.js?ver=
  • clock-in-portal/js/moment.js?ver=
  • clock-in-portal/js/bootstrap-datetimepicker.js?ver=
  • clock-in-portal/css/style.css?ver=

HTML / DOM Fingerprints

CSS Classes
update-plugins, count-1, plugin-count
JS Globals
CIP_PLG_URL
FAQ

Frequently Asked Questions about Clock In Portal- Staff & Attendance Management