Time Clock – A WordPress Employee & Volunteer Time Clock Plugin Security & Risk Analysis

wordpress.org/plugins/time-clock

An employee / volunteer time clock for WordPress

600 active installs · v1.3.2 · PHP 5.6+ · WP 4.0+ · Updated Dec 4, 2025
Tags: clock, employee, time, timeclock, volunteer
Score: 95 · A · Safe
CVEs total: 3
Unpatched: 0
Last CVE: Oct 23, 2025

Safety Verdict

Is Time Clock – A WordPress Employee & Volunteer Time Clock Plugin Safe to Use in 2026?

Generally Safe

Score 95/100

Time Clock – A WordPress Employee & Volunteer Time Clock Plugin has a strong security track record. Known vulnerabilities have been patched promptly.

3 known CVEs · Last CVE: Oct 23, 2025 · Updated 4mo ago

Risk Assessment

The "time-clock" plugin v1.3.2 presents a mixed security posture. On the positive side, it uses prepared statements for all SQL queries and appears to have no currently unpatched CVEs. The taint analysis also shows a clean bill of health, with no unsanitized flows identified. However, the static analysis raises significant concerns. One AJAX handler has no authentication checks, which creates a direct entry point for unauthenticated attackers. The plugin also calls the deprecated and inherently insecure `create_function` PHP function twice, which is a strong indicator of potential code injection vulnerabilities if not handled with extreme care. While the vulnerability history shows no current critical issues, the past prevalence of Cross-site Scripting and Code Injection vulnerabilities, along with a recently recorded high-severity CVE, suggests a recurring pattern of insecure coding practices that requires vigilant monitoring and patching.

Key Concerns

  • Unprotected AJAX handler found
  • Use of dangerous function 'create_function'
  • Low output escaping rate (43%)
  • Past high-severity CVEs and common vuln types

Vulnerabilities: 3

Time Clock – A WordPress Employee & Volunteer Time Clock Plugin Security Vulnerabilities

CVEs by Year

2024: 1 CVE
2025: 2 CVEs

Severity Breakdown

High: 1
Medium: 2

3 total CVEs

CVE-2025-10701 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Time Clock – A WordPress Employee & Volunteer Time Clock Plugin <= 1.3.1 - Authenticated (Custom+) Stored Cross-Site Scripting

Oct 23, 2025 · Patched in 1.3.2 (1d)

CVE-2025-47516 · medium · 4.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Time Clock <= 1.2.3 - Authenticated (Administrator+) Stored Cross-Site Scripting

May 7, 2025 · Patched in 1.3 (7d)

CVE-2024-9593 · high · 8.3 · Improper Control of Generation of Code ('Code Injection')

Time Clock <= 1.2.2 & Time Clock Pro <= 1.1.4 - Unauthenticated (Limited) Remote Code Execution

Oct 18, 2024 · Patched in 1.2.3 (1d)

Code Analysis
Analyzed Mar 16, 2026

Time Clock – A WordPress Employee & Volunteer Time Clock Plugin Code Analysis

Dangerous Functions: 2
Raw SQL Queries: 0 (4 prepared)
Unescaped Output: 137 (105 escaped)
Nonce Checks: 5
Capability Checks: 2
File Operations: 0
External Requests: 1
Bundled Libraries: 0

Dangerous Functions Found

create_function · timeclock.php:80 · add_action( 'admin_notices', create_function( '', "echo '<div class=\"error\"><p>". __('Employee Tim…
create_function · timeclock.php:82 · add_action( 'admin_notices', create_function( '', "echo '<div class=\"error\"><p>".__('Employee Time…

SQL Query Safety

100% prepared · 4 total queries

Output Escaping

43% escaped · 242 total outputs

Data Flows: All sanitized

Data Flow Analysis

2 flows
etimeclockwp_date_edit_callback (includes\admin\ajax_functions_admin.php:39)

Attack Surface: 1 unprotected

Time Clock – A WordPress Employee & Volunteer Time Clock Plugin Attack Surface

Entry Points: 7
Unprotected: 1

AJAX Handlers: 6

auth · wp_ajax_etimeclockwp_timeclock_action · includes\actions.php:482
nopriv · wp_ajax_etimeclockwp_timeclock_action · includes\actions.php:483
auth · wp_ajax_etimeclockwp_date_delete · includes\admin\ajax_functions_admin.php:35
auth · wp_ajax_etimeclockwp_date_edit · includes\admin\ajax_functions_admin.php:79
auth · wp_ajax_etimeclockwp_date_new · includes\admin\ajax_functions_admin.php:132
auth · wp_ajax_etimeclockwp_deactivate_survey · includes\admin\deactivate_survey.php:74

Shortcodes: 1

[timeclock] · includes\shortcodes.php:63

WordPress Hooks: 39

action · admin_init · includes\actions.php:14
action · admin_init · includes\actions.php:25
action · admin_notices · includes\actions.php:40
action · add_meta_boxes · includes\admin\activity.php:14
action · manage_etimeclockwp_clock_posts_custom_column · includes\admin\activity.php:334
filter · manage_edit-etimeclockwp_clock_columns · includes\admin\activity.php:349
filter · list_table_primary_column · includes\admin\activity.php:360
filter · post_row_actions · includes\admin\activity.php:372
filter · post_updated_messages · includes\admin\activity.php:376
filter · views_edit-etimeclockwp_clock · includes\admin\activity.php:397
action · restrict_manage_posts · includes\admin\activity.php:455
filter · parse_query · includes\admin\activity.php:474
action · admin_enqueue_scripts · includes\admin\deactivate_survey.php:49
action · etimeclockwp_daily_scheduled_events · includes\admin\extensions.php:90
action · admin_menu · includes\admin\menu.php:15
filter · parent_file · includes\admin\menu.php:40
filter · nav_menu_css_class · includes\admin\menu.php:57
filter · plugin_action_links · includes\admin\menu.php:74
action · init · includes\admin\post_types.php:66
action · init · includes\admin\post_types.php:79
action · admin_menu · includes\admin\post_types.php:89
action · admin_enqueue_scripts · includes\admin\post_types.php:98
filter · etimeclockwp_dashboard_array · includes\admin\settings\settings_dashboard_items.php:32
filter · etimeclockwp_dashboard_array · includes\admin\settings\settings_dashboard_items.php:68
action · add_meta_boxes · includes\admin\users.php:11
action · save_post · includes\admin\users.php:172
filter · wp_insert_post_data · includes\admin\users.php:185
action · manage_etimeclockwp_users_posts_custom_column · includes\admin\users.php:205
filter · manage_edit-etimeclockwp_users_columns · includes\admin\users.php:219
filter · post_row_actions · includes\admin\users.php:233
filter · post_updated_messages · includes\admin\users.php:237
filter · views_edit-etimeclockwp_users · includes\admin\users.php:258
action · admin_footer · includes\enqueue.php:42
action · admin_enqueue_scripts · includes\enqueue.php:45
action · wp_enqueue_scripts · includes\enqueue.php:77
action · admin_init · includes\settings\settings_api.php:744
action · admin_notices · timeclock.php:80
action · admin_notices · timeclock.php:82
action · admin_init · timeclock.php:88

Maintenance & Trust

Time Clock – A WordPress Employee & Volunteer Time Clock Plugin Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Dec 4, 2025
PHP min version: 5.6
Downloads: 18K

Community Trust

Rating: 98/100
Number of ratings: 8
Active installs: 600

Developer Profile

Time Clock – A WordPress Employee & Volunteer Time Clock Plugin Developer Profile

Scott Paterson

12 plugins · 44K total installs

Trust score: 76
Avg Security Score: 96/100
Avg Patch Time: 267 days

Detection Fingerprints

How We Detect Time Clock – A WordPress Employee & Volunteer Time Clock Plugin

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/time-clock/assets/css/etimeclockwp-admin.css
/wp-content/plugins/time-clock/assets/js/etimeclockwp-deactivation-survey.js
Script Paths
/wp-content/plugins/time-clock/assets/js/etimeclockwp-deactivation-survey.js
Version Parameters
plugins/time-clock/assets/js/etimeclockwp-deactivation-survey.js?ver=
plugins/time-clock/assets/css/etimeclockwp-admin.css?ver=

HTML / DOM Fingerprints

CSS Classes
etimeclockwp-deactivation-survey-modal
etimeclockwp-deactivation-survey-backdrop
etimeclockwp-survey-field
etimeclockwp-survey-textarea
etimeclockwp-survey-radio
Data Attributes
data-etimeclockwp-plugin-version
JS Globals
etimeclockwpDeactivationSurvey