CVE-2026-1640

The Taskbuilder – WordPress Project Management & Task Management plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 5.0.2. This is due to missing authorization checks on the project and task comment submission functions AJAX actions:...

EUVD-2025-15089

Malicious code in bioql PyPI...

EUVD-2024-50668

Malicious code in bioql PyPI...

WordPress WP Project Manager Plugin <= 2.6.25 - Sensitive Data Exposure Vulnerability

Sensitive Data Exposure Vulnerability discovered by Legion Hunter in WordPress Plugin WP Project Manager versions = 2.6.25...

CVE-2025-49974

CVE-2025-49974 describes a Missing/Misconfigured Authorization vulnerability in UpStream: a Project Management Plugin for WordPress. Affected software: UpStream versions up to and including 2.1.0. Root cause: broken/missing access control, allowing unauthorized access due to incorrectly configure...

WordPress UpStream: a Project Management Plugin for WordPress plugin <= 2.1.1 - Broken Access Control Vulnerability

Broken Access Control Vulnerability discovered by domiee13 in WordPress Plugin UpStream: a Project Management Plugin for WordPress versions = 2.1.1...