CVE-2026-50266

In OpenStack Neutron before 28.0.1, a project manager can create or update a port on a shared network owned by another project and set deviceowner to a value that has "network:" at the beginning "network:dhcp" for example. The default port RBAC policies incorrectly included PROJECTMANAGER without...

CVE-2026-50266

In OpenStack Neutron before 28.0.1, a project manager can create or update a port on a shared network owned by another project and set deviceowner to a value that has "network:" at the beginning "network:dhcp" for example. The default port RBAC policies incorrectly included PROJECTMANAGER without...

CVE-2026-10737

The SP Project & Document Manager plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the viewfile function in all versions up to, and including, 4.71. This makes it possible for unauthenticated attackers to read file metadata and obtain download links f...

CVE-2026-10737

The SP Project & Document Manager plugin for WordPress is affected up to version 4.71 by an access control flaw in view_file that allows unauthenticated attackers to read file metadata and obtain download links for files stored in project folders. The authorization gate uses a negated nonce check...

WordPress plugin SP Project & Document Manager 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

PT-2026-46270

In OpenStack Neutron before 28.0.1, a project manager can create or update a port on a shared network owned by another project and set device owner to a value that has "network:" at the beginning "network:dhcp" for example. The default port RBAC policies incorrectly included PROJECT MANAGER witho...

WordPress Zephyr Project Manager plugin <= 3.3.101 - Authenticated (Subscriber+) Limited Privilege Escalation vulnerability

Authenticated Subscriber+ Limited Privilege Escalation vulnerability discovered by wesley wcraft in WordPress Plugin Zephyr Project Manager versions = 3.3.101...

WordPress SP Project & Document Manager plugin <= 4.71 - Subscriber+ File Download via IDOR vulnerability

Subscriber+ File Download via IDOR vulnerability discovered by fewwords in WordPress Plugin SP Project & Document Manager versions = 4.71...

CVE-2025-68898

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in cjjparadoxmax Synergy Project Manager synergy-project-manager allows Stored XSS.This issue affects Synergy Project Manager: from n/a through = 1.5...

CVE-2025-68898

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in cjjparadoxmax Synergy Project Manager synergy-project-manager allows Stored XSS.This issue affects Synergy Project Manager: from n/a through = 1.5...

CVE-2025-68898 WordPress Synergy Project Manager plugin <= 1.5 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in cjjparadoxmax Synergy Project Manager synergy-project-manager allows Stored XSS.This issue affects Synergy Project Manager: from n/a through = 1.5...

CVE-2025-68898

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in cjjparadoxmax Synergy Project Manager synergy-project-manager allows Stored XSS.This issue affects Synergy Project Manager: from n/a through = 1.5...

CVE-2025-68898 WordPress Synergy Project Manager plugin <= 1.5 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in cjjparadoxmax Synergy Project Manager synergy-project-manager allows Stored XSS.This issue affects Synergy Project Manager: from n/a through = 1.5...

CVE-2025-68898

The CVE-2025-68898 issue is a Stored XSS in Synergy Project Manager (WordPress plugin) versions up to and including 1.5, caused by improper input handling during web page generation. Based on connected records, there is no published fix in the provided sources; patch/status shows as Unpatched. Af...

PT-2026-4100

Name of the Vulnerable Software and Affected Versions cjjparadoxmax Synergy Project Manager versions through 1.5 Description The Synergy Project Manager software contains a flaw related to improper input handling during web page generation, which allows for Stored Cross-site Scripting XSS. This...

WordPress plugin Synergy Project Manager has a cross-site scripting vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

WordPress Synergy Project Manager plugin <= 1.5 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by mcdruid in WordPress Plugin Synergy Project Manager versions = 1.5...

CVE-2019-18884

index.php/teammembers/addteammember in RISE Ultimate Project Manager 2.3 has CSRF for adding authorized users...

CVE-2023-49860

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in weDevs WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts allows Stored XSS.This issue affects WP Project Manager – Task, team, and project...

CVE-2023-40003

Missing Authorization vulnerability in weDevs WP Project Manager wedevs-project-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Project Manager: from n/a through = 2.6.7...