CVE-2026-10737

The SP Project & Document Manager plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the viewfile function in all versions up to, and including, 4.71. This makes it possible for unauthenticated attackers to read file metadata and obtain download links f...

CVE-2025-68040

Technical details for CVE-2025-68040 are not provided in the given materials. Public information about affected versions, exploitability, and fixes is unavailable here; please monitor for official advisories and vendor updates.

CVE-2025-58269 WordPress WP Project Manager Plugin <= 2.6.25 - Sensitive Data Exposure Vulnerability

Use of Hard-coded Credentials vulnerability in weDevs WP Project Manager wedevs-project-manager allows Retrieve Embedded Sensitive Data.This issue affects WP Project Manager: from n/a through = 2.6.25...

CVE-2025-58269 WordPress WP Project Manager Plugin <= 2.6.25 - Sensitive Data Exposure Vulnerability

Use of Hard-coded Credentials vulnerability in weDevs WP Project Manager wedevs-project-manager allows Retrieve Embedded Sensitive Data.This issue affects WP Project Manager: from n/a through = 2.6.25...

WordPress plugin WP Project Manager 信任管理问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A vulnerabilit...

WordPress plugin WP Project Manager 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

WordPress plugin WP Project Manager SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A SQL injection...

WordPress WP Project Manager plugin <= 2.6.26 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Joshua Martinelle in WordPress Plugin WP Project Manager versions = 2.6.26...

CVE-2024-10520

CVE-2024-10520 (WP Project Manager, WordPress) The WP Project Manager plugin (v2.6.14 and earlier) is vulnerable to unauthorized data modification due to a missing capability check in Create_Milestone, Create_Task_List, Create_Task, and Delete_Task. This allows unauthenticated remote actors to cr...

WordPress plugin WP Project Manager 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

WordPress Zephyr Project Manager plugin < 3.3.99 - Editor+ stored XSS vulnerability

Editor+ stored XSS vulnerability discovered by Adrian Peña Barragan in WordPress Plugin Zephyr Project Manager versions 3.3.99...

CVE-2023-49860 WordPress WP Project Manager Plugin <= 2.6.7 is vulnerable to Cross Site Scripting (XSS)

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in weDevs WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts allows Stored XSS.This issue affects WP Project Manager – Task, team, and project...

CVE-2020-36745

The WP Project Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.4.0. This is due to missing or incorrect nonce validation on the doupdates function. This makes it possible for unauthenticated attackers to trigger updates via a forged...

CVE-2023-34373

CVE-2023-34373 affects the Zephyr Project Manager WordPress plugin (versions ≤ 3.3.93). The issue is a Cross-Site Request Forgery (CSRF) vulnerability that could allow unauthenticated or authenticated attackers to induce unwanted actions (e.g., data deletion) due to missing CSRF checks. A fix is ...

WordPress Plugin Dylan James Zephyr Project Manager 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin... WordPress Plugin Dylan...

WordPress WP Project Manager plugin <= 2.4.13 - Stored Cross-Site Scripting (XSS) vulnerability

Stored Cross-Site Scripting XSS vulnerability discovered by Jörgson Patchstack Alliance in WordPress WP Project Manager plugin versions = 2.4.13. Solution Update the WordPress WP Subscribe plugin to the latest available version at least 2.4.14...