MidnightBSD

Advisories for infigosoftware

CVE-2023-0761

The Clock In Portal- Staff & Attendance Management WordPress plugin through 2.1 does not have CSRF check when deleting Staff members, which could allow attackers to make logged in admins delete arbitrary Staff via a CSRF attack

Products Affected

Vendor Product Version
infigosoftware clock_in_portal-_staff_&_attendance_management *
CVE-2023-0762

The Clock In Portal- Staff & Attendance Management WordPress plugin through 2.1 does not have CSRF check when deleting designations, which could allow attackers to make logged in admins delete arbitrary designations via a CSRF attack

Products Affected

Vendor Product Version
infigosoftware clock_in_portal-_staff_&_attendance_management *
CVE-2023-0763

The Clock In Portal- Staff & Attendance Management WordPress plugin through 2.1 does not have CSRF check when deleting Holidays, which could allow attackers to make logged in admins delete arbitrary holidays via a CSRF attack

Products Affected

Vendor Product Version
infigosoftware clock_in_portal-_staff_&_attendance_management *